Sujet Précédent Sujet Suivant

Virus (bagle)

Résolu/Fermé
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 - 22 mai 2008 à 19:50
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 13 déc. 2008 à 18:29
Bonjour,
j'ai un très gros problème, il y une semaine j'ai eu un virus dont je ne suis pas sûre mai je crois qui s'appelle "bagle" à se qu'il paraît. Du coup, j'ai eu un problème de wifi (871122) que j'ai réussi à réparer en allant sur des forums. Mais le gros problème c'est que mon antivirus ne marchait pas après que ordi soit atteint de ce virus, donc je l'ai désinstaller et mnt la réinstallation ne marche plus et le virus propage tjrs sur mon ordi. J'aimerai savoir comment est-ce que je pourrai détruire ce satané virus?

Merci d'avance pour vos réponses.

76 réponses

Précédent
Réponse 41 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
28 mai 2008 à 00:09
ok

on le retirera avec combofix demain

excuse mais la faut que je dorme

bonne nuit

@ demain :)
0
Réponse 42 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
2 juin 2008 à 22:53
bon bein, je te remercie pour toute cette aide que tu m'as fourni ,car j'étais vraiment dans la merde avec ce virus.
Et puisque tu ne me repond plu, j'en conclu que l'affaire est résolu ,et mon ordinateur remarche à la perfection grâce à ton aide.^^ Merci encore.
0
Réponse 43 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 juin 2008 à 22:56
Salut know,

je t´aurais zappé ?!

desolé

tes nouvelles en tout cas sont bonnes ;-)

peux tu me montrer encore un rapport hijack this stp

@+
0
Réponse 44 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
3 juin 2008 à 22:16
Salut g!rly ;

voilà le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\ESM2\Stms.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\ESM2\EBRR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C907918-2338-4FC3-A890-4D7A72E1B00C} - C:\WINDOWS\system32\audiodfv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8D1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User '?')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe (User '?')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-740320996-2131964287-317547509-1007 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User '?')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for ZyXEL (odClientService) - Funk Software, Inc. - C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 juin 2008 à 23:05
salut kwon,

on va tenté de mettre de l´ordre la dedans :

dans un premier temps :

a l´aide de hijack this coche et fix :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: (no name) - {4C907918-2338-4FC3-A890-4D7A72E1B00C} - C:\WINDOWS\system32\audiodfv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-740320996-2131964287-317547509-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

puis

important :

regarde ce tutorial pour mettre ta console java a jour :

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

pour voir si il n´y a plus de trace de bagle :

Ouvre le menu démarrer et clic sur 'Exécuter' puis tape cmd et valide
Dans la fenêtre de l'invite de commande copie et colle ceci:
findstr /S /I /M /L "Themida" C:\*.exe>>C:\Startvir.txt
Une fois que la commande aura finie de s'exécuter, copie et colle sur le forum le contenu de C:\Startvir.txt.
Le fichier peut être vide si rien n'a été détecté, auquel cas tu me le précisera dans ta prochaine réponse.

@+
0
Réponse 46 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
4 juin 2008 à 16:26
Salut,

C:\Startvir.txt. est vide.
0
Réponse 47 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
4 juin 2008 à 18:38
salut,

ok c´est cool ;-)

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

zone alarm aussi tu peux le troquer contre :

Comodo 3 pro plus performant

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

tuto : https://www.malekal.com/tutorial-comodo-firewall/

des antispywares residents :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

et

spyware gard :

https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

puis

pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins : ad block plus, no script ect...

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

voila

@+
0
Réponse 48 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
7 juin 2008 à 11:46
ok,merci pr ton aide, et pour les antivirus,antyspyware que tu m'as sugeré je préfère les installer plu tard (ds 2 semaines), car ces derniers temps je sui assez occupé avec les examens de fin d'année^^.
Et merci pour tout.
0
Réponse 49 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
7 juin 2008 à 11:53
ok kwon`
tu passes le bac !?
bonne chance > merde !
;-)
0
Réponse 50 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
30 juin 2008 à 16:12
salut g!rly je viens de finir les examens et j'ai deja des problemes...
Et bien il y deux jours je voulais installer google earth 4.2 sur un site : http://xwarezzz.com/utilities/422/google-earth-4202055730-keygen-crack-serial-patch.html
et bien je l'ai installé ,et je pense qu'il y avait avec un spyware. Et mon fond d'ecran a changé tout seul ( c'est un fond écran bleu et dessus c'est marqué "Warning spyware detected on your computer! install an antivirus or spayware remover to clean your computer") et après le téléchargement il y avait ossi deux (faux) antivirus qui s'était installé"antivirus XP 2008" et " malware Protector 2008" voilà et je sais pas koi faire. J'AI BESOIN DE TON AAAAIIIIIIIIIDDE!
0
Réponse 51 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
30 juin 2008 à 16:22
et il y a souvent une fenêtre qui s'ouvre:

"System Error!

Attention! Some dangerous trojan horses detected in your system. microsoft Windows XP files corrupted.
This may lead to the destruction of important files in C:\WINDOWS. download protection software now!

Click OK to download the antispyware. (Recommended) "

et losrque j'allume l'ordinateur il y plusieur fenêtre du console qui s'ouvrent.
0
Réponse 52 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
30 juin 2008 à 20:15
et voilà aussi un rapport hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\ESM2\Stms.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Apoint\Apntex.exe
C:\ESM2\EBRR.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lphc3f8j0eaaa] C:\WINDOWS\system32\lphc3f8j0eaaa.exe
O4 - HKLM\..\Run: [Sys41.exe] C:\Windows\Sys41.exe
O4 - HKLM\..\Run: [Sys42.exe] C:\Windows\Sys42.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMshc5f8j0eaaa] C:\Program Files\shc5f8j0eaaa\shc5f8j0eaaa.exe
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\spurkcpw.dll",b
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9056] command /c del "C:\WINDOWS\system32\awtuspqo.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8D1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Sys41.exe] C:\Windows\Sys41.exe
O4 - HKCU\..\Run: [Sys42.exe] C:\Windows\Sys42.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4546] command /c del "C:\WINDOWS\system32\awtuspqo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5837] cmd /c del "C:\WINDOWS\system32\awtuspqo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4825] command /c del "C:\WINDOWS\pntqkflv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD120] cmd /c del "C:\WINDOWS\pntqkflv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6734] command /c del "C:\WINDOWS\gxvpsafm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3627] cmd /c del "C:\WINDOWS\gxvpsafm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5521] command /c del "C:\WINDOWS\qegbdmwf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9832] cmd /c del "C:\WINDOWS\qegbdmwf.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O21 - SSODL: SetupSys - {4d8c94ee-75a2-4e9d-ae97-8f854c7e6164} - C:\WINDOWS\Resources\SetupSys.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for ZyXEL (odClientService) - Funk Software, Inc. - C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
0
Réponse 53 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
30 juin 2008 à 20:19
oulalala...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post un nouveau rapport hijack this aussi

@+
0
Réponse 54 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
30 juin 2008 à 22:24
voilà le rapport de ComFix:

ComboFix 08-06-20.4 - TANVIR_2 2008-06-30 21:50:19.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.116 [GMT 2:00]
Endroit: C:\Documents and Settings\TANVIR_2\Bureau\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\TANVIR_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Program Files\Bodrag
C:\Program Files\Bodrag\Wipe Expert\WipeExpert.log
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Spn
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\WINDOWS\_wi57.tmp
C:\WINDOWS\erwg.exe
C:\WINDOWS\resources\SetupSys.dll
C:\WINDOWS\ST6UNST.002
C:\WINDOWS\system32\931928
C:\WINDOWS\system32\931928\931928.dll
C:\WINDOWS\system32\byXOfeeD.dll
C:\WINDOWS\system32\DeefOXyb.ini
C:\WINDOWS\system32\DeefOXyb.ini2
C:\WINDOWS\system32\jlcrkeua.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nalsnwka.ini
C:\WINDOWS\system32\oqpsutwa.ini
C:\WINDOWS\system32\oqpsutwa.ini2
C:\WINDOWS\system32\wpckrups.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.

2008-06-30 15:44 . 2008-06-30 15:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-30 15:42 . 2008-06-30 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\shc5f8j0eaaa
2008-06-30 14:58 . 2008-06-30 14:58 91,520 --a------ C:\WINDOWS\system32\auekrclj.dll
2008-06-30 14:12 . 2008-06-30 14:12 158 --a------ C:\runner.bat
2008-06-29 13:26 . 2008-06-29 13:26 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\shc5f8j0eaaa
2008-06-28 23:27 . 2008-06-28 23:27 26,624 --a------ C:\WINDOWS\system32\oggview.dll
2008-06-28 20:41 . 2008-06-28 20:41 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\AXPFixer
2008-06-28 09:01 . 2008-06-28 09:01 <REP> d-------- C:\Program Files\ESET
2008-06-28 09:01 . 2008-06-28 09:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-28 08:16 . 2008-06-28 08:16 28,800 --a------ C:\WINDOWS\system32\vtUoMcYo.dll
2008-06-28 08:12 . 2008-06-28 10:32 <REP> d-------- C:\Program Files\PCHealthCenter
2008-06-28 08:09 . 2008-06-28 08:09 28,800 --a------ C:\WINDOWS\system32\qoMdBUNh.dll
2008-06-28 08:07 . 2008-06-28 08:07 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\rhc7f8j0eaaa
2008-06-28 08:07 . 2008-06-28 08:07 94,208 --a------ C:\WINDOWS\system32\pphc3f8j0eaaa.exe
2008-06-28 08:06 . 2008-06-28 04:49 303,104 --a------ C:\WINDOWS\gfetqaxssde.dll
2008-06-28 08:06 . 2008-06-28 08:06 109,056 --a------ C:\WINDOWS\system32\lphc3f8j0eaaa.exe
2008-06-28 08:06 . 2008-06-30 21:46 90,838 --a------ C:\WINDOWS\system32\phc3f8j0eaaa.bmp
2008-06-28 08:06 . 2008-06-28 04:49 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-28 08:06 . 2008-06-30 21:46 60,928 --a------ C:\WINDOWS\system32\blphc3f8j0eaaa.scr
2008-06-27 20:07 . 2008-06-27 20:09 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Juce VST Host
2008-06-26 17:03 . 2008-06-27 20:40 <REP> d-------- C:\Program Files\VstPlugins
2008-06-26 17:03 . 2008-06-26 17:03 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-06-26 17:03 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-06-26 17:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-06-26 16:16 . 2008-06-26 16:16 <REP> d-------- C:\Program Files\Outsim
2008-06-26 15:12 . 2008-06-26 17:04 <REP> d-------- C:\Program Files\Image-Line
2008-06-25 23:23 . 2008-06-25 23:24 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\MyLogoMaker
2008-06-25 23:18 . 2008-06-25 23:18 <REP> d-------- C:\Program Files\MySoftware
2008-06-23 15:54 . 2008-06-27 22:46 <REP> d-------- C:\Program Files\Notepad++
2008-06-23 15:54 . 2008-06-24 00:33 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Notepad++
2008-06-22 16:40 . 2008-06-22 16:40 <REP> d-------- C:\Program Files\CCleaner
2008-06-16 19:09 . 2008-06-16 22:39 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Dev-Cpp
2008-06-16 19:07 . 2008-06-16 19:08 <REP> d-------- C:\Dev-Cpp
2008-06-16 15:54 . 2008-06-22 19:40 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\codeblocks
2008-06-16 15:53 . 2008-06-16 15:54 <REP> d-------- C:\Program Files\CodeBlocks
2008-06-15 12:54 . 2008-06-15 12:54 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\dvdcss
2008-06-14 15:29 . 2008-06-14 15:31 <REP> d-------- C:\Program Files\Everest Ultimate Edition 2007
2008-06-14 09:44 . 2008-06-14 09:44 <REP> d-------- C:\Program Files\Ares
2008-06-12 23:10 . 2008-06-12 23:10 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Nero
2008-06-12 23:03 . 2008-06-12 23:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-12 23:03 . 2008-06-12 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-12 22:54 . 2008-06-13 15:13 <REP> d-------- C:\Program Files\AskTBar
2008-06-11 13:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 14:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 23:00 . 2008-06-12 15:39 893 --a------ C:\WINDOWS\system32\apexconverter.exe.stackdump
2008-05-27 12:35 . 2008-05-27 12:35 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Malwarebytes
2008-05-27 12:35 . 2008-05-27 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-24 13:03 . 2008-06-30 21:42 24,051,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-24 13:03 . 2008-06-30 21:42 257,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-24 12:57 . 2008-05-24 12:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-24 12:57 . 2008-05-24 13:01 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-24 12:56 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-05-24 12:56 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-05-24 12:56 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-05-24 12:56 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-05-24 12:55 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-24 12:53 . 2008-05-24 12:56 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-24 12:53 . 2008-05-24 12:53 <REP> d-------- C:\Program Files\Zone Labs
2008-05-24 12:53 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-24 12:53 . 2008-06-30 21:45 358,382 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-05-24 12:52 . 2008-06-30 21:44 <REP> d-------- C:\WINDOWS\Internet Logs
2008-05-24 12:43 . 2008-06-30 21:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 12:43 . 2008-06-30 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 10:51 . 2008-05-24 10:51 <REP> d-------- C:\Program Files\Alwil Software
2008-05-23 21:02 . 2008-05-23 21:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-05-23 21:01 . 2005-07-13 13:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-23 21:01 . 2005-07-13 13:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-23 21:01 . 2005-07-13 12:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-23 21:01 . 2005-07-21 16:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-23 21:01 . 2005-07-13 15:35 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-23 21:01 . 2005-07-21 16:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-05-23 21:01 . 2005-07-13 15:46 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-23 21:01 . 2005-07-13 15:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-05-23 21:01 . 2005-07-13 15:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation
2008-05-23 21:01 . 2008-05-23 21:01 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-22 22:09 . 2008-05-23 20:56 396,288 --a------ C:\HijackThis.exe
2008-05-22 21:00 . 2008-05-22 21:00 <REP> d-------- C:\Program Files\Trend Micro
2008-05-21 16:24 . 2008-05-21 16:24 303 --a------ C:\WINDOWS\ST6UNST.004
2008-05-20 19:12 . 2008-05-20 19:12 <REP> d-------- C:\Program Files\Windows Sidebar
2008-05-20 19:12 . 2008-05-20 19:12 <REP> d-------- C:\Program Files\Norton AntiVirus
2008-05-20 18:10 . 2008-05-21 16:24 4,236 --a------ C:\WINDOWS\SETUP.LST
2008-05-20 18:10 . 2008-05-20 18:10 303 --a------ C:\WINDOWS\ST6UNST.003
2008-05-20 18:03 . 2008-06-04 14:42 <REP> d-------- C:\Program Files\Java
2008-05-19 22:55 . 2008-05-19 22:55 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Symantec
2008-05-19 22:27 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-19 16:50 . 2004-08-05 14:00 23,040 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-05-19 16:50 . 2004-08-05 14:00 23,040 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-05-19 16:50 . 2004-08-05 14:00 19,456 --a------ C:\WINDOWS\system32\lprmon.dll
2008-05-19 16:50 . 2004-08-05 14:00 19,456 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2008-05-15 20:52 . 2008-06-26 13:25 <REP> d-------- C:\Program Files\Incomplete
2008-05-15 20:13 . 2008-05-15 20:13 <REP> d-------- C:\Program Files\Sun
2008-05-08 19:34 . 2008-05-08 19:34 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Ethereal
2008-05-08 19:02 . 2008-05-27 23:49 <REP> d-------- C:\Program Files\Conduit
2008-05-08 18:53 . 2008-05-27 23:49 <REP> d-------- C:\Program Files\Best_Security_Tips
2008-05-08 18:47 . 2008-05-16 17:46 <REP> d-------- C:\Program Files\LimeWire Turbo Accelerator
2008-05-08 18:01 . 2008-05-08 18:01 <REP> d-------- C:\Program Files\XviD
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\Apex

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 19:47 --------- d-----w C:\Program Files\Steam
2008-06-30 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-28 07:58 --------- d-----w C:\Program Files\LimeWire
2008-06-18 11:04 1,036,768 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-14 13:20 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\LimeWire
2008-06-12 21:03 --------- d-----w C:\Program Files\Nero
2008-06-10 14:31 --------- d-----w C:\Program Files\Zattoo
2008-06-10 11:55 --------- d-----w C:\Program Files\eMule
2008-06-04 13:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-28 21:42 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-26 20:58 361,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-23 15:28 --------- d-----w C:\Program Files\Google
2008-05-23 15:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 14:38 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-21 14:38 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-19 15:12 --------- d-----w C:\Program Files\RTQDownloader
2008-05-08 16:00 --------- d-----w C:\Program Files\Apex
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 16:04 --------- d-----w C:\Program Files\Neoretix
2008-04-28 17:46 --------- d-----w C:\Program Files\SlySoft
2008-04-28 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-04-28 17:22 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\SlySoft
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2007-05-18 14:48 87,608 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\ezpinst.exe
2007-05-18 14:48 47,360 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\pcouffin.sys
2007-04-25 17:20 144,464 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\GDIPFONTCACHEV1.DAT
2006-11-24 17:10 0 ---ha-w C:\Documents and Settings\TANVIR_2\hpothb07.dat
2006-11-24 17:06 627 ---ha-w C:\Documents and Settings\Tanvir\hpothb07.dat
2006-03-28 12:00 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-26_20.10.16.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 17:58:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 19:42:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2008-06-28 07:02:40 10,134 ----a-r C:\WINDOWS\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\callmsi.exe
+ 2008-06-28 07:02:40 136,448 ----a-r C:\WINDOWS\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\egui.exe
+ 2008-06-04 13:58:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81200000003}\SC_Reader.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
- 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:39 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 12:58:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:39 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 12:58:06 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:39 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:39 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:39 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:39 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:39 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:39 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:39 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:39 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:41:30 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 12:58:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:40 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 12:00:31 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:40 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:40 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 20:16:42 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 12:58:09 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:40 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 12:58:10 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:40 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 12:58:10 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c----w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:40 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 12:58:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:40 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-20 09:01:30 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
+ 2008-02-20 09:02:22 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
+ 2008-02-20 09:11:16 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
+ 2007-11-21 15:31:48 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2007-11-21 15:31:48 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
- 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:39 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:39 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:39 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:39 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:39 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:39 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:39 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
- 2007-05-22 15:08:39 45,161 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-05-22 15:08:43 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-05 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:40 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-03 16:04:12 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
- 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-11-17 14:14:32 15,664 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
- 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:40 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-30 19:43:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-12-13 17:09:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2007-12-04 07:59:22 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DEB1F64-25E2-4555-BDB1-085B2B7EBF43}]
C:\WINDOWS\system32\awtuspqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FC6B132-EA18-4D69-86E0-423E7B940BDC}]
2008-06-28 08:09 28800 --a------ C:\WINDOWS\system32\qoMdBUNh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD}]
2008-06-28 23:27 26624 --a------ C:\WINDOWS\system32\oggview.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 05:01 139264]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:08 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 16:33 963072]
"Sys41.exe"="C:\Windows\Sys41.exe" [ ]
"Sys42.exe"="C:\Windows\Sys42.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 07:33 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 07:33 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 07:33 77824]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"OdTray.exe"="C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe" [2004-03-15 18:26 626746]
"NWEReboot"="" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 12:39 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 10:16 49152]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-25 20:16 1838592]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 10:06 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"lphc3f8j0eaaa"="C:\WINDOWS\system32\lphc3f8j0eaaa.exe" [2008-06-28 08:06 109056]
"Sys41.exe"="C:\Windows\Sys41.exe" [ ]
"Sys42.exe"="C:\Windows\Sys42.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SMshc5f8j0eaaa"="C:\Program Files\shc5f8j0eaaa\shc5f8j0eaaa.exe" [ ]
"54a58e5f"="C:\WINDOWS\system32\spurkcpw.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\Tanvir\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\TANVIR_2\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Background Monitor.lnk - C:\ESM2\Stms.exe [2007-11-11 21:16:48 224768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7FC6B132-EA18-4D69-86E0-423E7B940BDC}"= C:\WINDOWS\system32\qoMdBUNh.dll [2008-06-28 08:09 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBUNh]
qoMdBUNh.dll 2008-06-28 08:09 28800 C:\WINDOWS\system32\qoMdBUNh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R2 ntrconnect;NTRconnect;C:\Program Files\NTR global\NTRconnect\ntrconnect.exe [2006-11-17 17:12]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd151f2-0b7d-11dd-ae1b-0014a415cd88}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - system.exe
\Shell\Open\command - system.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-30 16:43:19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44684F64-8B35-4E53-A30D-204E94DA27E9}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-06-30 19:52:12 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 22:00:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qoMdBUNh.dll
.
Temps d'accomplissement: 2008-06-30 22:07:28
ComboFix-quarantined-files.txt 2008-06-30 20:06:48
ComboFix2.txt 2008-05-26 19:14:10

Pre-Run: 7,021,477,888 octets libres
Post-Run: 7,007,563,776 octets libres

514 --- E O F --- 2008-06-20 23:49:52

et de HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:44, on 30.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DEB1F64-25E2-4555-BDB1-085B2B7EBF43} - C:\WINDOWS\system32\awtuspqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7FC6B132-EA18-4D69-86E0-423E7B940BDC} - C:\WINDOWS\system32\qoMdBUNh.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggview.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lphc3f8j0eaaa] C:\WINDOWS\system32\lphc3f8j0eaaa.exe
O4 - HKLM\..\Run: [Sys41.exe] C:\Windows\Sys41.exe
O4 - HKLM\..\Run: [Sys42.exe] C:\Windows\Sys42.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMshc5f8j0eaaa] C:\Program Files\shc5f8j0eaaa\shc5f8j0eaaa.exe
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\spurkcpw.dll",b
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8D1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Sys41.exe] C:\Windows\Sys41.exe
O4 - HKCU\..\Run: [Sys42.exe] C:\Windows\Sys42.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: qoMdBUNh - C:\WINDOWS\SYSTEM32\qoMdBUNh.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for ZyXEL (odClientService) - Funk Software, Inc. - C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
0
Réponse 55 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
30 juin 2008 à 22:53
bon franchement il va falloir que tu apprennes a pas faire n´importe quoi avec ton pc, après l´infection bagle, tu as une pire infection a nouveau !?!

désinstalle spybot

puis

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\spurkcpw.dll
C:\Program Files\shc5f8j0eaaa\shc5f8j0eaaa.exe
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\oggview.dll
C:\WINDOWS\system32\qoMdBUNh.dll
C:\WINDOWS\system32\awtuspqo.dll
C:\Windows\Sys41.exe
C:\Windows\Sys42.exe
C:\WINDOWS\system32\auekrclj.dll
C:\runner.bat
C:\WINDOWS\system32\vtUoMcYo.dll
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
C:\WINDOWS\gfetqaxssde.dll
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\phc3f8j0eaaa.bmp
C:\WINDOWS\tovafrnm.exe
C:\WINDOWS\system32\blphc3f8j0eaaa.scr

Folder::
C:\Documents and Settings\TANVIR_2\Application Data\rhc7f8j0eaaa
C:\Documents and Settings\TANVIR_2\Application Data\shc5f8j0eaaa
C:\Program Files\AskTBar
C:\Documents and Settings\Administrateur\Application Data\shc5f8j0eaaa

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DEB1F64-25E2-4555-BDB1-085B2B7EBF43}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FC6B132-EA18-4D69-86E0-423E7B940BDC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sys41.exe"=-
"Sys42.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc3f8j0eaaa"=-
"Sys41.exe"=-
"Sys42.exe"=-
"SMshc5f8j0eaaa"=-
"54a58e5f"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7FC6B132-EA18-4D69-86E0-423E7B940BDC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBUNh]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 56 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
1 juil. 2008 à 15:46
salut,

j'ai mis le fichier CFScript dans combofix , sa a lancé combofix , mais il n'y a pas eu de messages comme tu dis :
"Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. "
ensuite sa commencé a scanné et sa a redémaré mais après le redémarage combofix disait d'attendre et de ne lancer aucun programme , mais lors du chargement de mon ordinateur il y avai mon antivirus et mon firmware qui se sont allumé et ce "antivirus XP 2008" qui a commencé a scanné. Et donc après il n'y avait pas de rapport dans C:\comboFix.txt :( .

et voilà hijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45, on 2008-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMrhc7f8j0eaaa] C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8D1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Program Files\NTR global\NTRconnect\ntrconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for ZyXEL (odClientService) - Funk Software, Inc. - C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
0
Réponse 57 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
1 juil. 2008 à 20:09
salut know,

meme si tu n´as pas le rapport combofix a bien bossé...

peux tu le repasser mais sans script et me poster son rapport stp

@+
0
Réponse 58 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
2 juil. 2008 à 00:07
salut ,voilà le rapport:

ComboFix 08-06-20.4 - TANVIR_2 2008-07-01 23:51:11.11 - NTFSx86
Endroit: C:\Documents and Settings\TANVIR_2\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrateur\Application Data\shc5f8j0eaaa
C:\Documents and Settings\TANVIR_2\Application Data\rhc7f8j0eaaa
C:\Documents and Settings\TANVIR_2\Application Data\shc5f8j0eaaa
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\Cache\[u]0/u042AB71
C:\Program Files\AskTBar\bar\Cache\[u]0/u042D35C
C:\Program Files\AskTBar\bar\Cache\[u]0/u042D531.bin
C:\Program Files\AskTBar\bar\Cache\[u]0/u042D792.bin
C:\Program Files\AskTBar\bar\Cache\[u]0/u042D909.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\runner.bat
C:\WINDOWS\gfetqaxssde.dll
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\auekrclj.dll
C:\WINDOWS\system32\blphc3f8j0eaaa.scr
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\oggview.dll
C:\WINDOWS\system32\phc3f8j0eaaa.bmp
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
C:\WINDOWS\system32\qoMdBUNh.dll
C:\WINDOWS\system32\vtUoMcYo.dll
C:\WINDOWS\tovafrnm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))
.

2008-07-01 14:57 . 2008-07-01 14:57 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\rhc7f8j0eaaa
2008-07-01 14:57 . 2008-07-01 14:57 94,208 --a------ C:\WINDOWS\system32\pphc3f8j0eaaa.exe
2008-07-01 13:51 . 2008-07-01 14:10 94,208 --a------ C:\WINDOWS\system32\3B.tmp
2008-07-01 13:51 . 2008-07-01 13:53 94,208 --a------ C:\WINDOWS\system32\3A.tmp
2008-07-01 00:32 . 2008-07-01 13:23 94,208 --a------ C:\WINDOWS\system32\2C0.tmp
2008-07-01 00:02 . 2008-07-01 00:02 94,208 --a------ C:\WINDOWS\system32\83.tmp
2008-06-30 22:49 . 2008-06-30 22:49 <REP> d-------- C:\Program Files\rhc7f8j0eaaa
2008-06-30 15:44 . 2008-06-30 15:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-28 20:41 . 2008-06-28 20:41 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\AXPFixer
2008-06-28 09:01 . 2008-06-28 09:01 <REP> d-------- C:\Program Files\ESET
2008-06-28 09:01 . 2008-06-28 09:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-28 08:12 . 2008-06-28 10:32 <REP> d-------- C:\Program Files\PCHealthCenter
2008-06-27 20:07 . 2008-06-27 20:09 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Juce VST Host
2008-06-26 17:03 . 2008-06-27 20:40 <REP> d-------- C:\Program Files\VstPlugins
2008-06-26 17:03 . 2008-06-26 17:03 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-06-26 17:03 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-06-26 17:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-06-26 16:16 . 2008-06-26 16:16 <REP> d-------- C:\Program Files\Outsim
2008-06-26 15:12 . 2008-06-26 17:04 <REP> d-------- C:\Program Files\Image-Line
2008-06-25 23:23 . 2008-06-25 23:24 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\MyLogoMaker
2008-06-25 23:18 . 2008-06-25 23:18 <REP> d-------- C:\Program Files\MySoftware
2008-06-23 15:54 . 2008-07-01 18:32 <REP> d-------- C:\Program Files\Notepad++
2008-06-23 15:54 . 2008-06-24 00:33 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Notepad++
2008-06-22 16:40 . 2008-06-22 16:40 <REP> d-------- C:\Program Files\CCleaner
2008-06-16 19:09 . 2008-06-16 22:39 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Dev-Cpp
2008-06-16 19:07 . 2008-06-16 19:08 <REP> d-------- C:\Dev-Cpp
2008-06-16 15:54 . 2008-06-22 19:40 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\codeblocks
2008-06-16 15:53 . 2008-06-16 15:54 <REP> d-------- C:\Program Files\CodeBlocks
2008-06-15 12:54 . 2008-06-15 12:54 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\dvdcss
2008-06-14 15:29 . 2008-06-14 15:31 <REP> d-------- C:\Program Files\Everest Ultimate Edition 2007
2008-06-14 09:44 . 2008-06-14 09:44 <REP> d-------- C:\Program Files\Ares
2008-06-12 23:10 . 2008-06-12 23:10 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Nero
2008-06-12 23:03 . 2008-06-12 23:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-12 23:03 . 2008-06-12 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-11 13:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 14:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 23:00 . 2008-06-12 15:39 893 --a------ C:\WINDOWS\system32\apexconverter.exe.stackdump

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-01 12:58 --------- d-----w C:\Program Files\Steam
2008-07-01 12:14 260,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-01 12:14 24,051,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-30 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 07:58 --------- d-----w C:\Program Files\LimeWire
2008-06-26 11:25 --------- d-----w C:\Program Files\Incomplete
2008-06-18 11:04 1,036,768 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-14 13:20 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\LimeWire
2008-06-12 21:03 --------- d-----w C:\Program Files\Nero
2008-06-10 14:31 --------- d-----w C:\Program Files\Zattoo
2008-06-10 11:55 --------- d-----w C:\Program Files\eMule
2008-06-04 13:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-04 12:42 --------- d-----w C:\Program Files\Java
2008-05-28 21:42 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-27 21:49 --------- d-----w C:\Program Files\Conduit
2008-05-27 21:49 --------- d-----w C:\Program Files\Best_Security_Tips
2008-05-27 10:35 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\Malwarebytes
2008-05-27 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 20:58 361,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-24 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-24 10:53 --------- d-----w C:\Program Files\Zone Labs
2008-05-24 08:51 --------- d-----w C:\Program Files\Alwil Software
2008-05-23 19:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2008-05-23 18:56 396,288 ----a-w C:\HijackThis.exe
2008-05-23 15:28 --------- d-----w C:\Program Files\Google
2008-05-23 15:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-22 19:00 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 14:38 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-21 14:38 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-20 17:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-20 17:12 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-19 20:55 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\Symantec
2008-05-19 15:12 --------- d-----w C:\Program Files\RTQDownloader
2008-05-16 15:46 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-05-15 18:13 --------- d-----w C:\Program Files\Sun
2008-05-08 17:34 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\Ethereal
2008-05-08 16:01 --------- d-----w C:\Program Files\XviD
2008-05-08 16:00 --------- d-----w C:\Program Files\Apex
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 19:08 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-02 19:08 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2008-04-02 19:08 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-02 19:08 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-05-18 14:48 87,608 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\ezpinst.exe
2007-05-18 14:48 47,360 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\pcouffin.sys
2007-04-25 17:20 144,464 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\GDIPFONTCACHEV1.DAT
2006-11-24 17:10 0 ---ha-w C:\Documents and Settings\TANVIR_2\hpothb07.dat
2006-11-24 17:06 627 ---ha-w C:\Documents and Settings\Tanvir\hpothb07.dat
2006-03-28 12:00 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
.

((((((((((((((((((((((((((((( snapshot_2008-06-30_22.05.46.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 19:42:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 12:15:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 12:16:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 05:01 139264]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:08 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 16:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 07:33 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 07:33 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 07:33 77824]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"OdTray.exe"="C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe" [2004-03-15 18:26 626746]
"NWEReboot"="" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 12:39 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 10:16 49152]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-25 20:16 1838592]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 10:06 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SMrhc7f8j0eaaa"="C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe" [2008-06-30 17:27 335360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\Tanvir\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\TANVIR_2\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Background Monitor.lnk - C:\ESM2\Stms.exe [2007-11-11 21:16:48 224768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R2 ntrconnect;NTRconnect;C:\Program Files\NTR global\NTRconnect\ntrconnect.exe [2006-11-17 17:12]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd151f2-0b7d-11dd-ae1b-0014a415cd88}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - system.exe
\Shell\Open\command - system.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-01 18:20:24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44684F64-8B35-4E53-A30D-204E94DA27E9}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-07-01 21:52:11 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 23:56:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-01 23:59:14
ComboFix-quarantined-files.txt 2008-07-01 21:58:38
ComboFix2.txt 2008-06-30 20:07:32
ComboFix3.txt 2008-05-26 19:14:10

Pre-Run: 6,747,996,160 octets libres
Post-Run: 6,756,999,168 octets libres

268 --- E O F --- 2008-06-20 23:49:52

et puis en faite, j'ai bien été infecté par un spyware ?
0
Réponse 59 / 76
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 juil. 2008 à 00:46
salut know,

la suite :

nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

http://www.infosecu.fr/atf.html

telecharge le ici :

http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

puis

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\2C0.tmp
C:\WINDOWS\system32\83.tmp
C:\Program Files\rhc7f8j0eaaa

Folder::
C:\Documents and Settings\TANVIR_2\Application Data\rhc7f8j0eaaa
C:\Program Files\rhc7f8j0eaaa

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhc7f8j0eaaa"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

ps : oui tu as ete infecté mais pas que par spyware, c´est claire...

@+
0
Réponse 60 / 76
kwon Messages postés 75 Date d'inscription dimanche 15 juillet 2007 Statut Membre Dernière intervention 18 mai 2009 1
2 juil. 2008 à 01:13
Je n'ai pas QUE été infecté par un spyware! je commence à vraiment m inquiété là...
est-ce tu sais de quoi d'autres j'ai été infecté?

j'ai supprimé les fichiers temporaire avec atf cleaner.

et voilà le rapport de comboFix:

ComboFix 08-06-20.4 - TANVIR_2 2008-07-02 0:59:47.12 - NTFSx86
Endroit: C:\Documents and Settings\TANVIR_2\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\TANVIR_2\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\rhc7f8j0eaaa
C:\WINDOWS\system32\2C0.tmp
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\83.tmp
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\TANVIR_2\Application Data\rhc7f8j0eaaa
C:\Program Files\rhc7f8j0eaaa
C:\Program Files\rhc7f8j0eaaa\database.dat
C:\Program Files\rhc7f8j0eaaa\license.txt
C:\Program Files\rhc7f8j0eaaa\MFC71.dll
C:\Program Files\rhc7f8j0eaaa\MFC71ENU.DLL
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe.local
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaaSkin.dll
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe
C:\WINDOWS\system32\2C0.tmp
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\83.tmp
C:\WINDOWS\system32\pphc3f8j0eaaa.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))
.

2008-06-30 15:44 . 2008-06-30 15:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-28 20:41 . 2008-06-28 20:41 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\AXPFixer
2008-06-28 09:01 . 2008-06-28 09:01 <REP> d-------- C:\Program Files\ESET
2008-06-28 09:01 . 2008-06-28 09:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-28 08:12 . 2008-06-28 10:32 <REP> d-------- C:\Program Files\PCHealthCenter
2008-06-27 20:07 . 2008-06-27 20:09 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Juce VST Host
2008-06-26 17:03 . 2008-06-27 20:40 <REP> d-------- C:\Program Files\VstPlugins
2008-06-26 17:03 . 2008-06-26 17:03 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-06-26 17:03 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-06-26 17:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-06-26 16:16 . 2008-06-26 16:16 <REP> d-------- C:\Program Files\Outsim
2008-06-26 15:12 . 2008-06-26 17:04 <REP> d-------- C:\Program Files\Image-Line
2008-06-25 23:23 . 2008-06-25 23:24 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\MyLogoMaker
2008-06-25 23:18 . 2008-06-25 23:18 <REP> d-------- C:\Program Files\MySoftware
2008-06-23 15:54 . 2008-07-01 18:32 <REP> d-------- C:\Program Files\Notepad++
2008-06-23 15:54 . 2008-06-24 00:33 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Notepad++
2008-06-22 16:40 . 2008-06-22 16:40 <REP> d-------- C:\Program Files\CCleaner
2008-06-16 19:09 . 2008-06-16 22:39 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Dev-Cpp
2008-06-16 19:07 . 2008-06-16 19:08 <REP> d-------- C:\Dev-Cpp
2008-06-16 15:54 . 2008-06-22 19:40 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\codeblocks
2008-06-16 15:53 . 2008-06-16 15:54 <REP> d-------- C:\Program Files\CodeBlocks
2008-06-15 12:54 . 2008-06-15 12:54 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\dvdcss
2008-06-14 15:29 . 2008-06-14 15:31 <REP> d-------- C:\Program Files\Everest Ultimate Edition 2007
2008-06-14 09:44 . 2008-06-14 09:44 <REP> d-------- C:\Program Files\Ares
2008-06-12 23:10 . 2008-06-12 23:10 <REP> d-------- C:\Documents and Settings\TANVIR_2\Application Data\Nero
2008-06-12 23:03 . 2008-06-12 23:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-12 23:03 . 2008-06-12 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-11 13:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 14:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 23:00 . 2008-06-12 15:39 893 --a------ C:\WINDOWS\system32\apexconverter.exe.stackdump

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-01 12:58 --------- d-----w C:\Program Files\Steam
2008-07-01 12:14 260,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-01 12:14 24,051,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-30 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 07:58 --------- d-----w C:\Program Files\LimeWire
2008-06-26 11:25 --------- d-----w C:\Program Files\Incomplete
2008-06-18 11:04 1,036,768 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-14 13:20 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\LimeWire
2008-06-12 21:03 --------- d-----w C:\Program Files\Nero
2008-06-10 14:31 --------- d-----w C:\Program Files\Zattoo
2008-06-10 11:55 --------- d-----w C:\Program Files\eMule
2008-06-04 13:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-04 12:42 --------- d-----w C:\Program Files\Java
2008-05-28 21:42 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-27 21:49 --------- d-----w C:\Program Files\Conduit
2008-05-27 21:49 --------- d-----w C:\Program Files\Best_Security_Tips
2008-05-27 10:35 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\Malwarebytes
2008-05-27 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 20:58 361,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-24 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-24 10:53 --------- d-----w C:\Program Files\Zone Labs
2008-05-24 08:51 --------- d-----w C:\Program Files\Alwil Software
2008-05-23 19:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2008-05-23 18:56 396,288 ----a-w C:\HijackThis.exe
2008-05-23 15:28 --------- d-----w C:\Program Files\Google
2008-05-23 15:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-22 19:00 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 14:38 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-21 14:38 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-20 17:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-20 17:12 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-19 20:55 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\Symantec
2008-05-19 15:12 --------- d-----w C:\Program Files\RTQDownloader
2008-05-16 15:46 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-05-15 18:13 --------- d-----w C:\Program Files\Sun
2008-05-08 17:34 --------- d-----w C:\Documents and Settings\TANVIR_2\Application Data\Ethereal
2008-05-08 16:01 --------- d-----w C:\Program Files\XviD
2008-05-08 16:00 --------- d-----w C:\Program Files\Apex
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 19:08 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-02 19:08 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2008-04-02 19:08 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-02 19:08 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-05-18 14:48 87,608 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\ezpinst.exe
2007-05-18 14:48 47,360 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\pcouffin.sys
2007-04-25 17:20 144,464 ----a-w C:\Documents and Settings\TANVIR_2\Application Data\GDIPFONTCACHEV1.DAT
2006-11-24 17:10 0 ---ha-w C:\Documents and Settings\TANVIR_2\hpothb07.dat
2006-11-24 17:06 627 ---ha-w C:\Documents and Settings\Tanvir\hpothb07.dat
2006-03-28 12:00 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
.

((((((((((((((((((((((((((((( snapshot_2008-06-30_22.05.46.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 19:42:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 12:15:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 12:16:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 05:01 139264]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:08 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 16:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 07:33 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 07:33 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 07:33 77824]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"OdTray.exe"="C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe" [2004-03-15 18:26 626746]
"NWEReboot"="" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 12:39 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 10:16 49152]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-25 20:16 1838592]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 10:06 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\TANVIR_2\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\Tanvir\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\TANVIR_2\Menu D‚marrer\Programmes\D‚marrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-10-28 23:47:04 778240]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Background Monitor.lnk - C:\ESM2\Stms.exe [2007-11-11 21:16:48 224768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R2 ntrconnect;NTRconnect;C:\Program Files\NTR global\NTRconnect\ntrconnect.exe [2006-11-17 17:12]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd151f2-0b7d-11dd-ae1b-0014a415cd88}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - system.exe
\Shell\Open\command - system.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-01 18:20:24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44684F64-8B35-4E53-A30D-204E94DA27E9}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-07-01 22:52:07 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 01:04:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-02 1:07:34
ComboFix-quarantined-files.txt 2008-07-01 23:07:26
ComboFix2.txt 2008-07-01 21:59:15
ComboFix3.txt 2008-06-30 20:07:32
ComboFix4.txt 2008-05-26 19:14:10

Pre-Run: 6,739,714,048 octets libres
Post-Run: 6,717,378,560 octets libres

251 --- E O F --- 2008-06-20 23:49:52
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Virus MSN Tinyurl
djkifkif -
matt56430 -

8 réponses