Big problem: Windows Security Alert message

Solved
obiwan222 Posts 129 Status Member -
Hello,
Since last night, a message keeps appearing on the screen: "Windows Security Alert", which says: "Somebody's trying to infect your PC with spyware or harmful...". I have already cleaned up with CCleaner several times and scanned with Spybot and Ad-Aware, twice each. Whatever I do, the message comes back. I also have an icon blinking in the taskbar (an orange hexagon with a white cross) and new icons on my desktop: privacy protector, spyware and malware protection... If you could help me!!!

Here is my HijackThis report as well

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:55, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: QXK Olive - {0683B6A6-0FF9-4C6C-9240-B71CA010D48F} - C:\WINDOWS\nldfmtapndk.dll
O2 - BHO: (no name) - {1B55E1E5-3216-4F89-B243-C0DA572F878E} - C:\WINDOWS\system32\qoMdETLd.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {805e6663-b7c7-5e88-72b4-b57a1a7ded93} - {39ded7a1-a75b-4b27-88e5-7c7b3666e508} - C:\WINDOWS\system32\eeahtbsg.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8294D83E-4F05-4783-BB7C-DE3EF0B79B64} - C:\WINDOWS\system32\opnonoOg.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - C:\WINDOWS\system32\ssqQifdA.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: gktxaspm - {CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\kutubmce.dll",b
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\gqfvutdt.dll",s
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\Alexis\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] "C:\Program Files\Internet Explorer\iexplore.exe" https://support.norton.com/sp/fr/fr/home/current/solutions/kb20090121104844EN?a=00000082.0000001f.0000005f&abproduct=SymNRT&abversion=2008.0.1.19&b=00000082.00000045.0000011b&build=Symantec&c=00000083.0000001a.000000c6&ced=true&d=00000083.00000030.0000010e&entsrc=CED_pubweb&error=0&module=2007&src=_mi
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Xavier WINDAL')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1006\..\RunOnce: [^SetupICWDesktop] (User 'Xavier WINDAL')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Perrine')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'Perrine')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'Administrateur')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ssqQifdA - C:\WINDOWS\SYSTEM32\ssqQifdA.dll
O21 - SSODL: gnowmebk - {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll
O21 - SSODL: pxgdslro - {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 24874 bytes

PLEASE HELP ME
Configuration: Windows XP
Firefox 2.0.0.14

17 replies

  1. eZula Posts 3509 Status Contributor 392

    Hello,

    download GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip to your desktop

    unzip the folder, double-click GenProc.bat and post the contents of the report that opens

    Illustrated help: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
  2. obiwan222 Posts 129 Status Member 18

    OK, it's in progress
    0
  3. obiwan222 Posts 129 Status Member 18

    HERE ARE THE CONTENTS

    GenProc report 1.965 [1] generated on 23/05/2008 at 18:29:09,14 - Windows XP

    In CCleaner, click "Options", "Advanced" and untick the box "Only delete files in the Windows Temp folder older than 48 hours". After that, leave it at its default settings. That's all.

    # Step 1/ Download:

    - Navilog1 (IL-MAFIOSO) http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe to your desktop. Double-click navilog1.exe to start the installation. Once the installation is finished, the fix will run automatically (if it does not, double-click the Navilog1 shortcut on the desktop). Follow the prompts. At the main menu, choose 1 and confirm.
    Wait for the message " Analyse Termine le .....". Press a key as requested; Notepad will open. Post the report now and move on to the next part.

    - VundoFix.exe (Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop

    - combofix.exe (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop

    - SmitfraudFix (S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    * double-click the file "smitfraudfix.exe" and choose option 1; it will list all the harmful items in a report: post it now.

    - MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip and unzip it to the Desktop.

    ***** Copy what follows into a text file and restart in safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choose your current session "Alexis") *****

    # Step 2/

    * Double-click the Navilog1 shortcut, choose option 2 and confirm, then wait for the message: *** Nettoyage Termine le ..... ***. Notepad will open; save the report where you can find it again, then close Notepad. Your desktop will reappear.

    # Step 3/

    * Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.
    When the scan is complete, click the "Fix Vundo" button; a prompt will ask whether you want to delete the files, click YES: the Desktop will disappear for a moment while the files are deleted.
    You will see a prompt announcing that your PC is going to restart: click OK
    Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    * Double-click combofix.exe.
    Press the Y (Yes) key to start the scan.
    When the scan is complete, a report will appear

    # Step 4/

    Double-click the file "SmitfraudFix.exe" and choose option 2, answer yes to everything and let it proceed. Save the report to your desktop.

    # Step 5/

    Run the file MSNFix.bat located in the MSNfix folder on the desktop.
    - Run option R.
    - If the infection is detected, run option N.
    - Save this report to your desktop.

    # Step 6/

    Run CCleaner: "Cleaner"/"Run Cleaner" and that's all.

    # Step 7/

    Restart normally and post, in the same reply:
    - A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
    - The contents of the report located at C:\vundofix.txt ;
    - The contents of the report located at C:\Combofix.txt ;
    - The SmitfraudFix report you saved to your desktop ;
    - The contents of the file cleannavi.txt located in My Computer C:\ ;
    - The contents of the MSNfix report located on the Desktop ;

    Describe any difficulties you had (what you could not do...) and how the situation has evolved.
    0
  4. eZula Posts 3509 Status Contributor 392

    follow the procedure
    0
  6. obiwan222 Posts 129 Status Member 18

    Thanks, I'll post the Navilog report as soon as possible
    0
  7. obiwan222 Posts 129 Status Member 18

    Here it is, I'm continuing with the rest

    Search Navipromo version 3.5.7 commencé le 23/05/2008 à 18:39:25,84

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Alexis"

    Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Alexis\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Perrine\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\XAVIER~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Alexis\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Perrine\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\XAVIER~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Alexis\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Perrine\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\XAVIER~1\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Alexis\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\Perrine\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\XAVIER~1\locals~1\applic~1" *

    *** Recherche fichiers ***

    C:\WINDOWS\pack.epk trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    crfndygucq.dat trouvé !
    crfndygucq_nav.dat trouvé !
    crfndygucq_navps.dat trouvé !
    nxtfjki.dat trouvé !
    nxtfjki_nav.dat trouvé !
    nxtfjki_navps.dat trouvé !
    nxtfjki_navup.dat trouvé !

    * Dans "C:\Documents and Settings\Alexis\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\Perrine\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\XAVIER~1\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\gOononpo.ini2 trouvé !
    infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\YybJlUtv.ini2 trouvé !
    infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 23/05/2008 à 18:47:31,99 ***
    0
  8. obiwan222 Posts 129 Status Member 18
     
    And the SmitFraudFix v2.320 report

    Rapport fait à 18:49:52,70, 23/05/2008
    Executé à partir de C:\Documents and Settings\Alexis\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
    C:\WINDOWS\System32\TuneUpDefragService.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexis

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexis\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Alexis\Favoris

    C:\DOCUME~1\Alexis\Favoris\Error Cleaner.url PRESENT !
    C:\DOCUME~1\Alexis\Favoris\Privacy Protector.url PRESENT !
    C:\DOCUME~1\Alexis\Favoris\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\Alexis\Bureau\Error Cleaner.url PRESENT !
    C:\DOCUME~1\Alexis\Bureau\Privacy Protector.url PRESENT !
    C:\DOCUME~1\Alexis\Bureau\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Inventel Gateway #4 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    Description: Inventel Gateway #4 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDBD75EE-A158-4BE5-8882-51FA5B65951A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E781E867-E1A3-4A9A-A175-6F409C09852B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A879C299-193F-4CA8-A8DF-59B122C5E41D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDBD75EE-A158-4BE5-8882-51FA5B65951A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E781E867-E1A3-4A9A-A175-6F409C09852B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CDBD75EE-A158-4BE5-8882-51FA5B65951A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E781E867-E1A3-4A9A-A175-6F409C09852B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  9. obiwan222 Posts 129 Status Member 18
     
    I'm back
    I did everything: Fix Vundo found nothing and I couldn't start in safe mode; I went through safe mode with networking. For now it seems to have disappeared.

    Here are the requested reports

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:49, on 23/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: QXK Olive - {0683B6A6-0FF9-4C6C-9240-B71CA010D48F} - C:\WINDOWS\nldfmtapndk.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: {805e6663-b7c7-5e88-72b4-b57a1a7ded93} - {39ded7a1-a75b-4b27-88e5-7c7b3666e508} - C:\WINDOWS\system32\eeahtbsg.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
    O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
    O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
    O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: gktxaspm - {CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A} - C:\WINDOWS\gktxaspm.dll (file missing)
    O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
    O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\kutubmce.dll",b
    O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\gqfvutdt.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu1.html
    O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu2.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: gnowmebk - {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll (file missing)
    O21 - SSODL: pxgdslro - {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    0
  10. eZula Posts 3509 Status Contributor 392
     
    It's not finished. Stop your P2P downloads. Are there many applications on this computer that aren't cracked?

    ---------------

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    File::
    C:\WINDOWS\system32\kutubmce.dll
    C:\WINDOWS\system32\eeahtbsg.dll
    C:\WINDOWS\system32\gqfvutdt.dll
    C:\WINDOWS\system32\mtogwxlu.dll
    C:\WINDOWS\system32\tcjqhmtt.dll
    C:\WINDOWS\nldfmtapndk.dll
    C:\WINDOWS\eavx.exe
    C:\WINDOWS\mdtgkswr.exe 
    C:\WINDOWS\gktxaspm.dll
    C:\WINDOWS\system32\kutubmce.dll
    C:\WINDOWS\system32\gqfvutdt.dll
    C:\WINDOWS\gnowmebk.dll
    C:\WINDOWS\pxgdslro.dll
    
    Folder::
    C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0683B6A6-0FF9-4C6C-9240-B71CA010D48F}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39ded7a1-a75b-4b27-88e5-7c7b3666e508}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A}"=-
    [-HKEY_CLASSES_ROOT\clsid\{ca5fd8ff-2744-4e18-bdf2-07a02a98af3a}]
    [-HKEY_CLASSES_ROOT\gktxaspm.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{1750A3CC-76BC-4C6A-895D-1904C65F71B5}]
    [-HKEY_CLASSES_ROOT\gktxaspm]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "54a58e5f"=-
    "BM5796bdc3"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "gnowmebk"=-
    "pxgdslro"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= "1"


    Save this file under the name CFScript

    - Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    - A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
    - Wait while the scan runs. The desktop will disappear several times: that's normal!
      Don't touch anything until the scan has finished.
    - Once the scan is complete, a report will be displayed: post its contents.
    - If the file doesn't open, it is located here > C:\ComboFix.txt

    In addition, go to this site https://www.virustotal.com/gui/
    Paste into the box to the left of "Browse":
    C:\WINDOWS\system32\DRIVERS\GDXWDM.sys
    then click "Send file" and wait until the message "Current status: finished" appears; then copy the report into your reply.
    0
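The CFScript above deletes files by path, so each path in its File:: list should trace back to a log entry before the script is run. The following added example (not part of the thread, and not the helper's own method) parses a subset of the HijackThis lines posted above and cross-checks them against that list; the three review heuristics and all function names are assumptions chosen for illustration.

```python
import re
from ntpath import dirname  # Windows path rules, works on any OS

# Subset of lines copied from the HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: QXK Olive - {0683B6A6-0FF9-4C6C-9240-B71CA010D48F} - C:\WINDOWS\nldfmtapndk.dll
O2 - BHO: {805e6663-b7c7-5e88-72b4-b57a1a7ded93} - {39ded7a1-a75b-4b27-88e5-7c7b3666e508} - C:\WINDOWS\system32\eeahtbsg.dll
O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O3 - Toolbar: gktxaspm - {CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A} - C:\WINDOWS\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\kutubmce.dll",b
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\gqfvutdt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: gnowmebk - {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll (file missing)
O21 - SSODL: pxgdslro - {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll (file missing)
"""

# File:: section of the CFScript posted above (repeated lines listed once).
CFSCRIPT_FILES = r"""
C:\WINDOWS\system32\kutubmce.dll
C:\WINDOWS\system32\eeahtbsg.dll
C:\WINDOWS\system32\gqfvutdt.dll
C:\WINDOWS\system32\mtogwxlu.dll
C:\WINDOWS\system32\tcjqhmtt.dll
C:\WINDOWS\nldfmtapndk.dll
C:\WINDOWS\eavx.exe
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\pxgdslro.dll
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# First drive-rooted path ending in .dll/.exe; skips a bare "rundll32.exe".
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:dll|exe)\b", re.IGNORECASE)

WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
EXTENSION_CODES = {"O2", "O3", "O21"}  # BHO, toolbar, ShellServiceObjectDelayLoad


def parse_entries(log):
    """Turn HijackThis O/R lines into dicts with section code, path and flags."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        path = PATH_RE.search(rest)
        entries.append({
            "code": code,
            "path": path.group(0) if path else None,
            "missing": "(file missing)" in rest or "(no file)" in rest,
            "via_rundll32": "rundll32" in rest.lower(),
            "raw": line.strip(),
        })
    return entries


def review_reasons(entry):
    """Assumed heuristics: reasons to review an entry, not proof of infection."""
    reasons = []
    if entry["missing"]:
        reasons.append("registry entry points to a file that no longer exists")
    if entry["code"] == "O4" and entry["via_rundll32"]:
        reasons.append("Run key loads a DLL through rundll32")
    if (entry["code"] in EXTENSION_CODES and entry["path"]
            and dirname(entry["path"]).lower() in WINDOWS_DIRS):
        reasons.append("extension DLL sits directly in the Windows directory")
    return reasons


def cross_check(log, cfscript_files):
    """Compare paths flagged in the log with the paths a removal list deletes."""
    flagged = {e["path"].lower() for e in parse_entries(log)
               if e["path"] and review_reasons(e)}
    listed = {l.strip().lower() for l in cfscript_files.splitlines() if l.strip()}
    return {
        "evidenced": sorted(listed & flagged),
        # Paths to trace to some other report before deleting them.
        "listed_without_evidence": sorted(listed - flagged),
        "flagged_not_listed": sorted(flagged - listed),
    }


if __name__ == "__main__":
    for entry in parse_entries(HJT_LOG):
        for reason in review_reasons(entry):
            print(f"{entry['code']:>3}  {entry['path'] or '(no path)'}: {reason}")
    for key, paths in cross_check(HJT_LOG, CFSCRIPT_FILES).items():
        print(key, paths)
```
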
  11. obiwan222 Posts 129 Status Member 18
     
    HERE IS THE FIRST REPORT

    ComboFix 08-05-21.3 - Alexis 2008-05-23 21:03:04.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.411 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alexis\Bureau\Reparation\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alexis\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\eavx.exe
    C:\WINDOWS\gktxaspm.dll
    C:\WINDOWS\gnowmebk.dll
    C:\WINDOWS\mdtgkswr.exe
    C:\WINDOWS\nldfmtapndk.dll
    C:\WINDOWS\pxgdslro.dll
    C:\WINDOWS\system32\eeahtbsg.dll
    C:\WINDOWS\system32\gqfvutdt.dll
    C:\WINDOWS\system32\kutubmce.dll
    C:\WINDOWS\system32\mtogwxlu.dll
    C:\WINDOWS\system32\tcjqhmtt.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)
    C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)\eTrust.PestPatrol.Anti-Spyware.v8.0.0.6.rar
    C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)\eTrust.PestPatrol.Anti-Spyware.v8.0.0.6\pptrialr8.exe
    C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)\eTrust.PestPatrol.Anti-Spyware.v8.0.0.6\READ ME!!!.txt
    C:\WINDOWS\eavx.exe
    C:\WINDOWS\mdtgkswr.exe
    C:\WINDOWS\nldfmtapndk.dll
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\eeahtbsg.dll
    C:\WINDOWS\system32\gqfvutdt.dll
    C:\WINDOWS\system32\kutubmce.dll
    C:\WINDOWS\system32\mtogwxlu.dll
    C:\WINDOWS\system32\tcjqhmtt.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-23 20:18 . 2008-05-23 21:03 354 ---hs---- C:\WINDOWS\system32\ecmbutuk.ini
    2008-05-23 20:18 . 2008-05-23 20:18 0 --a------ C:\WINDOWS\BM5796bdc3.xml
    2008-05-23 19:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-23 19:23 . 2008-05-23 19:23 <REP> d-------- C:\VundoFix Backups
    2008-05-23 18:50 . 2008-05-23 19:57 3,550 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-23 18:50 . 2008-05-23 19:57 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
    2008-05-23 18:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-05-23 18:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-05-23 18:49 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-23 18:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-05-23 18:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-05-23 18:36 . 2008-05-23 19:22 <REP> d-------- C:\Program Files\Navilog1
    2008-05-23 18:10 . 2008-05-23 18:10 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-22 23:39 . 2008-05-22 23:39 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\TmpRecentIcons
    2008-05-22 21:26 . 2008-05-22 21:26 <REP> d-------- C:\Documents and Settings\Incomplete\FTACHJK44J4ZXNUO3GN5VBRWRYDOELFZ
    2008-05-22 21:12 . 2008-05-22 21:12 0 --a------ C:\WINDOWS\pestpatrol5.INI
    2008-05-22 21:04 . 2008-05-22 21:04 <REP> d-------- C:\Program Files\CA
    2008-05-22 20:58 . 2008-05-22 20:58 <REP> d-------- C:\Documents and Settings\Alexis\Total Uninstall 4.8.0.562 Multilingual
    2008-05-22 20:57 . 2008-05-22 21:16 17,706,611 --a------ C:\Documents and Settings\Alexis\Agnitum Outpost Firewall Pro v4.0.1025.zip
    2008-05-22 19:37 . 2008-05-23 20:21 3,616 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-05-22 19:33 . 2008-05-23 19:55 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2008-05-22 19:31 . 2008-05-23 20:18 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
    2008-05-22 18:03 . 2008-05-22 18:03 143 --a------ C:\term.bat
    2008-05-22 17:35 . 2008-05-22 17:35 <REP> d-------- C:\Documents and Settings\Incomplete\JOR2K44V4QZDISGCTFQFUEX33JGWWBGR
    2008-05-22 17:32 . 2008-05-22 17:32 <REP> d-------- C:\Documents and Settings\Incomplete\CLWYQCLC7UG35RQEH2ARY3AOKITA55DD
    2008-05-21 20:09 . 2008-05-21 20:09 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\DVDFab
    2008-05-21 19:31 . 2008-05-21 19:31 <REP> d-------- C:\Program Files\DVDFab Platinum 4
    2008-05-21 19:31 . 2008-05-21 20:17 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vso
    2008-05-21 19:31 . 2008-05-21 19:31 87,608 --a------ C:\Documents and Settings\Alexis\Application Data\inst.exe
    2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\Documents and Settings\Alexis\Application Data\pcouffin.sys
    2008-05-21 19:29 . 2008-05-21 19:29 <REP> d-------- C:\Documents and Settings\Alexis\DVDFab Platinium 4.0.5.5 Full-Ghosthunter
    2008-05-18 18:42 . 2008-05-18 18:42 <REP> d-------- C:\Program Files\Nero
    2008-05-18 18:42 . 2008-05-18 18:44 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-05-10 12:27 . 2008-05-10 12:27 <REP> d--hs---- C:\found.000
    2008-05-08 10:40 . 2008-05-08 10:40 <REP> d-------- C:\Program Files\TagRename
    2008-05-08 10:11 . 2008-05-08 10:11 495,104 --a------ C:\WINDOWS\system32\mp3tsshx.dll
    2008-05-08 10:08 . 2008-05-08 10:08 <REP> d-------- C:\Program Files\Media Tagger
    2008-05-07 17:56 . 2005-02-22 12:36 765,952 --a------ C:\WINDOWS\system32\CDDBUI.dll
    2008-05-07 17:56 . 2005-02-22 12:37 589,824 --a------ C:\WINDOWS\system32\CDDBControl.dll
    2008-05-07 17:56 . 2006-09-05 08:49 503,808 --a------ C:\WINDOWS\system32\MLAG2.ocx
    2008-05-07 17:56 . 2000-12-05 20:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-05-07 17:56 . 2001-07-09 02:18 141,408 --a------ C:\WINDOWS\system32\dXPSystm.dll
    2008-05-07 17:56 . 2004-03-09 01:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-05-07 17:56 . 1998-06-17 20:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-05-07 16:50 . 2008-05-07 16:50 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\AQUATRA
    2008-05-04 11:32 . 2008-05-04 11:32 <REP> d-------- C:\WINDOWS\IP Changer
    2008-05-04 09:19 . 2008-05-04 09:19 <REP> d-------- C:\WINDOWS\Caps
    2008-05-03 10:38 . 2008-05-03 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-02 18:56 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
    2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2008-05-01 20:32 . 2008-05-01 20:32 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sunbelt Software
    2008-04-27 14:40 . 2008-04-27 14:40 <REP> d-------- C:\WINDOWS\system32\Akamai Technologies
    2008-04-27 12:08 . 2008-05-04 11:34 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\tor
    2008-04-27 12:07 . 2008-04-27 12:07 <REP> d-------- C:\Program Files\Vidalia Bundle
    2008-04-27 12:07 . 2008-05-04 11:35 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vidalia

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-23 17:30 --------- d-----w C:\Program Files\Google
    2008-05-23 17:00 --------- d-----w C:\Program Files\Conduit
    2008-05-23 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-23 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-22 19:28 6,584 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
    2008-05-22 18:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-05-22 16:53 --------- d-----w C:\Program Files\FreeCommander
    2008-05-22 16:40 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Orbit
    2008-05-21 19:05 --------- d-----w C:\Program Files\Notepad++
    2008-05-21 19:05 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Notepad++
    2008-05-21 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\UniversalisV13
    2008-05-18 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-10 11:50 --------- d-----w C:\Program Files\Opera
    2008-05-10 11:36 --------- d-----w C:\Program Files\Audible
    2008-05-10 08:45 --------- d-----w C:\Documents and Settings\Perrine\Application Data\Orbit
    2008-05-09 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-02 10:04 --------- d-----w C:\Program Files\LimeWire
    2008-04-29 11:10 --------- d-----w C:\Program Files\Creative
    2008-04-28 17:53 --------- d-----w C:\Program Files\ScanSoft
    2008-04-28 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-04-25 16:04 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-20 11:56 --------- d-----w C:\Program Files\iTunes
    2008-04-20 11:56 --------- d-----w C:\Program Files\iPod
    2008-04-20 11:53 --------- d-----w C:\Program Files\QuickTime
    2008-04-11 19:08 --------- d-----w C:\Program Files\Picasa2
    2008-04-08 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-04-08 17:32 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TechSmith
    2008-04-08 16:15 --------- d-----w C:\Program Files\TechSmith
    2008-04-08 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
    2008-04-08 16:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-31 15:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-03-29 14:59 --------- d-----w C:\Program Files\Activision
    2008-03-29 14:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FarStone
    2008-03-29 14:44 --------- d-----w C:\Program Files\FarStone
    2008-03-29 14:42 --------- d-----w C:\Program Files\temp
    2008-03-28 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-28 06:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-28 06:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\DAEMON Tools
    2008-03-26 15:52 --------- d-----w C:\Program Files\EasyPHP 2.0b1
    2008-03-24 10:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-03-24 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-03-24 10:42 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TuneUp Software
    2008-03-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-03-23 20:39 --------- d-----w C:\Documents and Settings\Alexis\Application Data\iolo
    2008-03-23 19:55 --------- d-----w C:\Program Files\DupeEliminator
    2008-03-23 19:47 --------- d-----w C:\Program Files\RomStation
    2008-03-16 11:33 57,344 ----a-w C:\Documents and Settings\Alexis\lametritonus.dll
    2008-03-16 11:33 162,304 ----a-w C:\Documents and Settings\Alexis\lame_enc.dll
    2008-03-09 11:27 772 ----a-w C:\Documents and Settings\Alexis\Application Data\wklnhst.dat
    2008-03-07 17:46 461 ----a-w C:\Documents and Settings\Alexis\Jscript.reg
    2007-12-24 18:57 4,532,651 ----a-w C:\Program Files\EasyWMVDemo.dmg
    2007-12-24 17:56 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
    2007-09-29 10:23 498,552 ----a-w C:\Program Files\setup.exe
    2007-06-13 13:22 22,040 ---ha-w C:\Documents and Settings\Xavier WINDAL\Application Data\addon.dat
    2007-06-13 13:22 22,040 ---h--w C:\Documents and Settings\Perrine\Application Data\addon.dat
    2007-05-14 18:11 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-05-05 19:01 16,590,480 ----a-w C:\Program Files\jre-1_5_0_10-windows-i586-p-s.exe
    2007-05-05 18:31 6,943,028 ----a-w C:\Program Files\installpro.exe
    2007-04-19 10:50 53,062 ----a-w C:\Program Files\__def.rip2
    2007-04-19 10:46 493 ----a-w C:\Program Files\versions.xml
    2007-04-19 10:44 19,473,146 ----a-w C:\Program Files\RI4M_v501d_setup.exe
    2007-03-07 17:19 295 ----a-w C:\Program Files\iepatch.reg
    2007-03-02 12:06 8,344,627 ----a-w C:\Program Files\sfs6int.exe
    2007-02-23 09:23 535,512 ----a-w C:\Program Files\pllangs.exe
    2006-10-26 17:33 0 ----a-w C:\Documents and Settings\Perrine\Application Data\wklnhst.dat
    2006-10-21 19:20 0 ----a-w C:\Documents and Settings\Xavier WINDAL\Application Data\wklnhst.dat
    2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\CONFIG.SYS
    2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\AUTOEXEC.BAT
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2008-02-16 13:49 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-23_19.55.56.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-23 17:40:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-23 19:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-23 19:13:16 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a04.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
    "WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
    "pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
    backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^WD Anywhere Backup Launcher.lnk]
    backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]
    backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
    backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54a58e5f]
    --a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
    C:\Program Files\Norton Password Manager\AcctMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    --a------ 2008-01-30 20:36 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-06-08 10:18 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    --a------ 2007-12-23 01:03 916240 C:\Program Files\Eraser\eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-04-26 00:13 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2004-03-23 10:05 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    --a------ 2004-02-20 15:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-02-08 01:12 488984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-02-08 01:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
    --a------ 2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
    -ra------ 2004-07-06 15:15 40960 C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFS6]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2003-09-29 17:00 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-04-06 19:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
    --a------ 2008-03-03 10:41 197888 C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    --a------ 2005-12-27 14:58 69632 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
    --a------ 2005-12-21 13:26 339968 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-11-03 10:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 14:50 122880 C:\Program Files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 1

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
    R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 15:07]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:55]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
    R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]
    S0 gdxwdm;GDXWDM;C:\WINDOWS\system32\DRIVERS\GDXWDM.sys []
    S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys [2007-07-11 14:37]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-24 19:53]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 00:13]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 20:10]
    S3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 08:22]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]
    S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-03-27 17:03]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-24 12:42]
    S4 AutoSyncService;Memeo AutoSync service;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 18:28]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-20 15:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-23 19:00:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    "2008-05-23 18:16:17 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-05-22 15:18:36 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-05-23 18:32:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{84670574-7F27-4867-93B0-670B7ECFB683}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-23 21:11:54
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-23 21:21:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-23 19:21:51
    ComboFix2.txt 2008-05-23 17:56:13

    Pre-Run: 8,550,924,288 octets libres
    Post-Run: 8,520,335,360 octets libres

    415 --- E O F --- 2008-05-16 04:48:39
    0
  12. obiwan222 Posts 129 Status Member 18
     
    And sorry, but GDWXM.sys is not present in the folder?
    What should I do now??
    Thanks
    0
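An added example, not part of the thread and not ComboFix's own code: a small Python parser for the registry load-point and driver/service lines of a ComboFix report that lists autostart entries whose trailing bracket is empty. It assumes an empty `[ ]` means no file was found at that path, which matches the report above (the random-named DLLs and the GDXWDM.sys driver that could not be found on disk); the function and field names are hypothetical.

```python
import re
from typing import List, NamedTuple

# Lines copied from the ComboFix report posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
"pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
S0 gdxwdm;GDXWDM;C:\WINDOWS\system32\DRIVERS\GDXWDM.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 00:13]
"""

# Assumption: in the R0..S4 prefixes the letter means Running/Stopped and the
# digit is the Windows service start type.
STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# "[HKEY_...]" or "[HKLM\~\...]" section header.
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"=data [file metadata]; values without a trailing bracket are ignored.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# R0 name;display name;image path [date]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# First drive-letter path inside a value (skips a leading "{CLSID} - ").
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')


class Finding(NamedTuple):
    kind: str      # "registry" or "service"
    location: str  # registry key, or "<state>, <start type> start"
    name: str      # value name or service name
    path: str      # file the entry points to


def find_orphans(log_text: str) -> List[Finding]:
    """Return autostart entries whose metadata bracket is empty."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            if not m.group("meta").strip():
                data = m.group("data")
                hit = PATH_RE.search(data)
                path = hit.group(0) if hit else data.strip('"')
                findings.append(
                    Finding("registry", current_key, m.group("name"), path))
            continue
        m = SERVICE_RE.match(line)
        if m and not m.group("meta").strip():
            where = f'{STATE[m.group("state")]}, {START[m.group("start")]} start'
            findings.append(Finding("service", where, m.group("name"),
                                    m.group("path").strip('"')))
    return findings


if __name__ == "__main__":
    for f in find_orphans(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:10} {f.path}  <- {f.location}")
```

An entry flagged this way is a leftover reference rather than proof of a live infection; the registry value or service key still has to be cleaned up or confirmed as belonging to installed software.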
  13. eZula Posts 3509 Status Contributor 392
     
    1. Run this new CFScript:

    File::
    C:\WINDOWS\system32\ecmbutuk.ini
    C:\WINDOWS\BM5796bdc3.xml
    
    Folder::
    C:\VundoFix Backups
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000


    2. Run CCleaner: "Cleaner" ("Nettoyeur") / "Run Cleaner" ("lancer le nettoyage"), then post a Panda report https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm (you must use Internet Explorer)
    0
  14. obiwan222 Posts 129 Status Member 18
     
    OK, HERE IS THE COMBOFIX REPORT
    And thank you for sticking with me!

    ComboFix 08-05-21.3 - Alexis 2008-05-24 9:43:11.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.452 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alexis\Bureau\Reparation\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alexis\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\BM5796bdc3.xml
    C:\WINDOWS\system32\ecmbutuk.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Alexis\Application Data\inst.exe
    C:\Documents and Settings\Perrine\Application Data\addon.dat
    C:\Documents and Settings\Xavier\Application Data\addon.dat
    C:\VundoFix Backups
    C:\WINDOWS\BM5796bdc3.xml
    C:\WINDOWS\system32\ecmbutuk.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-23 19:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-23 18:50 . 2008-05-23 19:57 3,550 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-23 18:50 . 2008-05-23 19:57 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
    2008-05-23 18:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-05-23 18:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-05-23 18:49 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-23 18:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-05-23 18:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-05-23 18:36 . 2008-05-23 19:22 <REP> d-------- C:\Program Files\Navilog1
    2008-05-23 18:10 . 2008-05-23 18:10 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-22 23:39 . 2008-05-22 23:39 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\TmpRecentIcons
    2008-05-22 21:26 . 2008-05-22 21:26 <REP> d-------- C:\Documents and Settings\Incomplete\FTACHJK44J4ZXNUO3GN5VBRWRYDOELFZ
    2008-05-22 21:12 . 2008-05-22 21:12 0 --a------ C:\WINDOWS\pestpatrol5.INI
    2008-05-22 21:04 . 2008-05-22 21:04 <REP> d-------- C:\Program Files\CA
    2008-05-22 20:58 . 2008-05-22 20:58 <REP> d-------- C:\Documents and Settings\Alexis\Total Uninstall 4.8.0.562 Multilingual
    2008-05-22 20:57 . 2008-05-22 21:16 17,706,611 --a------ C:\Documents and Settings\Alexis\Agnitum Outpost Firewall Pro v4.0.1025.zip
    2008-05-22 19:37 . 2008-05-24 09:40 3,616 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-05-22 19:33 . 2008-05-23 21:56 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2008-05-22 19:31 . 2008-05-24 09:36 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
    2008-05-22 18:03 . 2008-05-22 18:03 143 --a------ C:\term.bat
    2008-05-22 17:35 . 2008-05-22 17:35 <REP> d-------- C:\Documents and Settings\Incomplete\JOR2K44V4QZDISGCTFQFUEX33JGWWBGR
    2008-05-22 17:32 . 2008-05-22 17:32 <REP> d-------- C:\Documents and Settings\Incomplete\CLWYQCLC7UG35RQEH2ARY3AOKITA55DD
    2008-05-21 20:09 . 2008-05-21 20:09 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\DVDFab
    2008-05-21 19:31 . 2008-05-21 19:31 <REP> d-------- C:\Program Files\DVDFab Platinum 4
    2008-05-21 19:31 . 2008-05-21 20:17 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vso
    2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\Documents and Settings\Alexis\Application Data\pcouffin.sys
    2008-05-21 19:29 . 2008-05-21 19:29 <REP> d-------- C:\Documents and Settings\Alexis\DVDFab Platinium 4.0.5.5 Full-Ghosthunter
    2008-05-18 18:42 . 2008-05-18 18:42 <REP> d-------- C:\Program Files\Nero
    2008-05-10 12:27 . 2008-05-10 12:27 <REP> d--hs---- C:\found.000
    2008-05-08 10:40 . 2008-05-08 10:40 <REP> d-------- C:\Program Files\TagRename
    2008-05-08 10:11 . 2008-05-08 10:11 495,104 --a------ C:\WINDOWS\system32\mp3tsshx.dll
    2008-05-08 10:08 . 2008-05-08 10:08 <REP> d-------- C:\Program Files\Media Tagger
    2008-05-07 17:56 . 2005-02-22 12:36 765,952 --a------ C:\WINDOWS\system32\CDDBUI.dll
    2008-05-07 17:56 . 2005-02-22 12:37 589,824 --a------ C:\WINDOWS\system32\CDDBControl.dll
    2008-05-07 17:56 . 2006-09-05 08:49 503,808 --a------ C:\WINDOWS\system32\MLAG2.ocx
    2008-05-07 17:56 . 2000-12-05 20:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-05-07 17:56 . 2001-07-09 02:18 141,408 --a------ C:\WINDOWS\system32\dXPSystm.dll
    2008-05-07 17:56 . 2004-03-09 01:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-05-07 17:56 . 1998-06-17 20:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-05-07 16:50 . 2008-05-07 16:50 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\AQUATRA
    2008-05-04 11:32 . 2008-05-04 11:32 <REP> d-------- C:\WINDOWS\IP Changer
    2008-05-04 09:19 . 2008-05-04 09:19 <REP> d-------- C:\WINDOWS\Caps
    2008-05-03 10:38 . 2008-05-03 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-02 18:56 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
    2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2008-05-01 20:32 . 2008-05-01 20:32 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sunbelt Software
    2008-04-27 14:40 . 2008-04-27 14:40 <REP> d-------- C:\WINDOWS\system32\Akamai Technologies
    2008-04-27 12:08 . 2008-05-04 11:34 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\tor
    2008-04-27 12:07 . 2008-04-27 12:07 <REP> d-------- C:\Program Files\Vidalia Bundle
    2008-04-27 12:07 . 2008-05-04 11:35 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vidalia

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-23 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-23 17:30 --------- d-----w C:\Program Files\Google
    2008-05-23 17:00 --------- d-----w C:\Program Files\Conduit
    2008-05-23 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-23 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-22 19:28 6,584 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
    2008-05-22 18:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-05-22 16:53 --------- d-----w C:\Program Files\FreeCommander
    2008-05-22 16:40 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Orbit
    2008-05-21 19:05 --------- d-----w C:\Program Files\Notepad++
    2008-05-21 19:05 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Notepad++
    2008-05-21 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\UniversalisV13
    2008-05-10 11:50 --------- d-----w C:\Program Files\Opera
    2008-05-10 11:36 --------- d-----w C:\Program Files\Audible
    2008-05-10 08:45 --------- d-----w C:\Documents and Settings\Perrine\Application Data\Orbit
    2008-05-09 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-02 10:04 --------- d-----w C:\Program Files\LimeWire
    2008-04-29 11:10 --------- d-----w C:\Program Files\Creative
    2008-04-28 17:53 --------- d-----w C:\Program Files\ScanSoft
    2008-04-28 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-04-25 16:04 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-20 11:56 --------- d-----w C:\Program Files\iTunes
    2008-04-20 11:56 --------- d-----w C:\Program Files\iPod
    2008-04-20 11:53 --------- d-----w C:\Program Files\QuickTime
    2008-04-11 19:08 --------- d-----w C:\Program Files\Picasa2
    2008-04-08 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-04-08 17:32 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TechSmith
    2008-04-08 16:15 --------- d-----w C:\Program Files\TechSmith
    2008-04-08 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
    2008-04-08 16:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-31 15:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-03-29 14:59 --------- d-----w C:\Program Files\Activision
    2008-03-29 14:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FarStone
    2008-03-29 14:44 5,501 ----a-w C:\WINDOWS\system32\dptlcg32.dll
    2008-03-29 14:44 --------- d-----w C:\Program Files\FarStone
    2008-03-29 14:42 --------- d-----w C:\Program Files\temp
    2008-03-28 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-28 06:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-28 06:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\DAEMON Tools
    2008-03-26 15:52 --------- d-----w C:\Program Files\EasyPHP 2.0b1
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-24 10:42 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-03-24 10:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-03-24 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-03-24 10:42 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TuneUp Software
    2008-03-23 20:39 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-16 11:33 57,344 ----a-w C:\Documents and Settings\Alexis\lametritonus.dll
    2008-03-16 11:33 162,304 ----a-w C:\Documents and Settings\Alexis\lame_enc.dll
    2008-03-09 11:27 772 ----a-w C:\Documents and Settings\Alexis\Application Data\wklnhst.dat
    2008-03-07 17:46 461 ----a-w C:\Documents and Settings\Alexis\Jscript.reg
    2008-03-01 12:58 826,368 ------w C:\WINDOWS\system32\wininet.dll
    2008-02-27 12:15 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
    2007-12-24 18:57 4,532,651 ----a-w C:\Program Files\EasyWMVDemo.dmg
    2007-12-24 17:56 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
    2007-09-29 10:23 498,552 ----a-w C:\Program Files\setup.exe
    2007-05-14 18:11 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-05-05 19:01 16,590,480 ----a-w C:\Program Files\jre-1_5_0_10-windows-i586-p-s.exe
    2007-05-05 18:31 6,943,028 ----a-w C:\Program Files\installpro.exe
    2007-04-19 10:50 53,062 ----a-w C:\Program Files\__def.rip2
    2007-04-19 10:46 493 ----a-w C:\Program Files\versions.xml
    2007-04-19 10:44 19,473,146 ----a-w C:\Program Files\RI4M_v501d_setup.exe
    2007-03-07 17:19 295 ----a-w C:\Program Files\iepatch.reg
    2007-03-02 12:06 8,344,627 ----a-w C:\Program Files\sfs6int.exe
    2007-02-23 09:23 535,512 ----a-w C:\Program Files\pllangs.exe
    2006-10-26 17:33 0 ----a-w C:\Documents and Settings\Perrine\Application Data\wklnhst.dat
    2006-10-21 19:20 0 ----a-w C:\Documents and Settings\Xavier\Application Data\wklnhst.dat
    2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\CONFIG.SYS
    2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\AUTOEXEC.BAT
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2008-02-16 13:49 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-23_19.55.56.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-23 17:40:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-24 07:34:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-24 07:35:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_898.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
    "WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
    "pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
    backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^WD Anywhere Backup Launcher.lnk]
    backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]
    backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
    backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54a58e5f]
    --a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
    C:\Program Files\Norton Password Manager\AcctMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    --a------ 2008-01-30 20:36 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-23 21:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-06-08 10:18 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    --a------ 2007-12-23 01:03 916240 C:\Program Files\Eraser\eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-04-26 00:13 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2004-03-23 10:05 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    --a------ 2004-02-20 15:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-02-08 01:12 488984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-02-08 01:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
    --a------ 2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
    -ra------ 2004-07-06 15:15 40960 C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFS6]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2003-09-29 17:00 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-04-06 19:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
    --a------ 2008-03-03 10:41 197888 C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    --a------ 2005-12-27 14:58 69632 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
    --a------ 2005-12-21 13:26 339968 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-11-03 10:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 14:50 122880 C:\Program Files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 1

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
    R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 15:07]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:55]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
    R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]
    S0 gdxwdm;GDXWDM;C:\WINDOWS\system32\DRIVERS\GDXWDM.sys []
    S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys [2007-07-11 14:37]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-24 19:53]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 00:13]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 20:10]
    S3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 08:22]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]
    S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-03-27 17:03]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-24 12:42]
    S4 AutoSyncService;Memeo AutoSync service;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 18:28]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-20 15:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-24 07:35:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    "2008-05-24 07:35:42 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-05-22 15:18:36 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-05-23 18:32:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{84670574-7F27-4867-93B0-670B7ECFB683}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-24 09:47:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-24 9:50:10
    ComboFix-quarantined-files.txt 2008-05-24 07:50:00
    ComboFix2.txt 2008-05-23 19:22:00
    ComboFix3.txt 2008-05-23 17:56:13

    Pre-Run: 8,518,787,072 octets libres
    Post-Run: 8,501,657,600 octets libres

    360 --- E O F --- 2008-05-16 04:48:39
    0
  15. spy
     
    Hi, I wonder whether Spybot and CCleaner do more harm than good; I no longer use them. Try doing a system restore to an earlier date, but since you have already used CCleaner that may not be possible.
    0
    1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
       
      Hello spy

      Given the work that has been done and the disinfection that is succeeding, the only thing you suggest is to RESTORE THE MALWARE...

      So please be kind enough to read the thread BEFORE posting nonsense...

      See you
      0
  16. obiwan222 Posts 129 Status Member 18
     
    Hello,

    HERE is the Panda Security scan report.
    If someone could tell me what I should do!
    REALLY, THANK YOU FOR EVERYTHING!!!!!

    ;************************************************************************************************************************************************************************************
    ANALYSIS: 2008-05-24 14:55:58
    PROTECTIONS: 1
    MALWARE: 13
    SUSPECTS: 1
    ;************************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;====================================================================================================================================================================================
    Norton 360 2007 Yes Yes
    ;====================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;====================================================================================================================================================================================
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Alexis\Bureau\Reparation\MSNFix\incl\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0138126.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Alexis\Bureau\Reparation\MSNFix.zip[MSNFix/incl/Process.exe]
    00139535 Application/Processor HackTools No 0 Yes No D:\MSNFix.zip[MSNFix/incl/Process.exe]
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Alexis\Bureau\Reparation\SmitfraudFix\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\v7m7ygij.default\cookies.txt[.xiti.com/]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Alexis\Application Data\Universalis V13\OMMozilla\Profiles\default\0yv61uyq.slt\cookies.txt[.xiti.com/]
    00185663 HackTool/NetCat.A HackTools No 0 Yes No D:\Logiciel\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe
    01176994 Bck/VB.XB Virus/Trojan No 0 No No D:\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
    01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Alexis\Bureau\Reparation\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0139171.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP562\A0139288.EXE
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Navilog1\reboot.exe
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Alexis\Bureau\Reparation\SmitfraudFix\Reboot.exe
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP562\A0139276.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0138164.sys
    02941681 Trj/WmaDownloader.G Virus/Trojan No 0 Yes No D:\Musique\The Cramberries\-.wma
    02989765 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136673.dll
    02989814 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136675.exe
    02989829 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136688.exe
    02989836 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136676.exe
    02989836 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136684.exe
    02989843 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136677.exe
    ;=========================================================================================­==========================================================================================­
    SUSPECTS
    Sent Location

    ;=========================================================================================­==========================================================================================­
    No C:\Program Files\ISP\AOL9\comps\qt\qt.exe

    ;=========================================================================================­==========================================================================================­
    VULNERABILITIES
    Id Severity Description

    ;=========================================================================================­==========================================================================================­
    108742 MEDIUM MS06-006

    ;=========================================================================================­==========================================================================================­

    Configuration: Windows XP
    Firefox 2.0.0.14
    0
  17. eZula Posts 3509 Status Contributor 392
     
    * To finish, use ToolsCleaner! (by A.Rothstein) http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe to clean up the downloaded utilities, disable System Restore and re-enable it after a restart.

    * Regularly visit the site http://www.update.microsoft.com/windowsupdate/v6/default.aspx so that your system is always up to date.

    * Use this small program http://filehippo.com/updatechecker/UpdateChecker.exe weekly to carry out your software updates. Just run it (no installation is required). The links to the available updates will then appear in a web page. Tip: do not install "beta" versions.

    * Never install a program without having fully read and understood the terms of its license agreement, or without being absolutely certain that it does not quietly install adware (look it up on Google or on the forums).

    * At that point, you can mark your thread "resolved" if you consider that to be the case http://forum.telecharger.01net.com/forum/high-tech/ARCHIVE-MICRO-HEBDO/Regles-et-mode-d-emploi/forum-micro-hebdo-sujet_8324_1.htm#post40

    * Important note: it is strongly recommended to use a limited account for everyday use of a computer, in order to very significantly reduce the risk of infection.
    Instructions: https://www.microsoft.com/de-ch

    See you
    0
  18. obiwan222 Posts 129 Status Member 18
     
    Thanks for everything you did
    See you
    0