Sujet Précédent Sujet Suivant

RAPPORT HiJACKthis

Résolu
valdal79 Messages postés 24 Statut Membre -  
valdal79 Messages postés 24 Statut Membre -
Bonjour,j'ai eu un problème concernant mon dd : j'ai perdu 47Go d'espace libre (la totalité de mon espace libre restant)
j'ai fait a un rapport avec HiJackThis donc voila le résultat :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:18, on 28/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\IM-History\im-history.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Valentin\Desktop\trackmania_united_united_forever_-_extension_gratuite_multi-lang­ues_240514.exe
C:\Users\Valentin\AppData\Local\Temp\is-4TSLP.tmp\trackmania_united_united_forever_-_exten­sion_gratuite_multi-langues_240514.tmp
C:\Users\Valentin\Desktop\trackmania_united_united_forever_-_extension_gratuite_multi-lang­ues_240514.exe
C:\Users\Valentin\AppData\Local\Temp\is-TPVMS.tmp\trackmania_united_united_forever_-_exten­sion_gratuite_multi-langues_240514.tmp
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Valentin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: {3d61fac7-3ff5-45b9-24a4-080925ccd81e} - {e18dcc52-9080-4a42-9b54-5ff37caf16d3} - C:\Windows\system32\ikakrhko.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [EPSON Product Rappel concernant l'enregistrement] C:\Windows\Temp\RegModule.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: IM-History.lnk = C:\Program Files\IM-History\im-history.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\Windows\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

aider au plus vite svp car je n'est plus de place sur mon dd merci !
A voir également:

22 réponses

  • 1
  • 2
Réponse 1 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

Je ne comprends pas comment ca se fait que tu as perdu la capacité de ton disque dur mais tu as quelques infections :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse

Puis redémarrer le pc !!

ensuite :

Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

déconnecte internet et désactive ton antivirus le temps de la manipulation

=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau

ensuite :

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le Bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Et ensuite refais un nouveau rapport hijackthis pour vérifier stp
0
rglf91 Messages postés 153 Statut Membre 6
 
geoffrey en plus de ne jamais dormir; tu ne lis jamais tes messages perso???LOL
0
Réponse 2 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
lol...quel message perso??
0
rglf91 Messages postés 153 Statut Membre 6
 
celui que je t'ai envoyé
0
Réponse 3 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Valdal : je vois aussi que tu n as pas d antivirus :s pas bien ca ! lol

télécharge antivir à cette adresse : http://www.commentcamarche.net/download/telecharger-55-antivir

voici un tuto pour bien le configurer : https://www.malekal.com/avira-free-security-antivirus-gratuit/
0
Réponse 4 / 22
valdal79 Messages postés 24 Statut Membre
 
tout d'abord un grand MERCI problème résolu !
voici quand même les rapports:
-malwarebyte:
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 897

14:09:59 28/06/2008
mbam-log-6-28-2008 (14-09-58).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 294437
Temps écoulé: 1 hour(s), 38 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 40
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.pornpro_bho (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.pornpro_bho.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.precachebrowserhost (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.precachebrowserhost.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.browserwatcher (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.browserwatcher.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db0b918e-a0a8-482b-8d75-a682816b0c7b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSControlService (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{db0b918e-a0a8-482b-8d75-a682816b0c7b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\windows.vir (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\Windows\System32\khfFUMdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Valentin\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

- Virtumundo :

[06/28/2008, 14:19:34] - VirtumundoBeGone v1.5 ( "C:\Users\Valentin\Desktop\VirtumundoBeGone.exe" )
[06/28/2008, 14:19:44] - Detected System Information:
[06/28/2008, 14:19:44] - Windows Version: 6.0.6001, Service Pack 1
[06/28/2008, 14:19:44] - Current Username: Valentin (Admin)
[06/28/2008, 14:19:44] - Windows is in NORMAL mode.
[06/28/2008, 14:19:44] - Searching for Browser Helper Objects:
[06/28/2008, 14:19:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/28/2008, 14:19:44] - BHO 2: {1CAC1511-EB16-4AED-99F2-A560D9378CD3} ()
[06/28/2008, 14:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:19:44] - Checking for HKLM\...\Winlogon\Notify\efcya
[06/28/2008, 14:19:44] - Key not found: HKLM\...\Winlogon\Notify\efcya, continuing.
[06/28/2008, 14:19:44] - BHO 3: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} (VMN Toolbar)
[06/28/2008, 14:19:44] - BHO 4: {5A0F5614-640D-4438-85C8-39F4A21D535D} ()
[06/28/2008, 14:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:19:44] - Checking for HKLM\...\Winlogon\Notify\efcya
[06/28/2008, 14:19:44] - Key not found: HKLM\...\Winlogon\Notify\efcya, continuing.
[06/28/2008, 14:19:44] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/28/2008, 14:19:44] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2008, 14:19:44] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2008, 14:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:19:44] - No filename found. Continuing.
[06/28/2008, 14:19:44] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/28/2008, 14:19:44] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2008, 14:19:44] - BHO 10: {BCEBACCE-0163-462E-ABE0-F714543B41AE} ()
[06/28/2008, 14:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:19:44] - Checking for HKLM\...\Winlogon\Notify\cbayv
[06/28/2008, 14:19:44] - Key not found: HKLM\...\Winlogon\Notify\cbayv, continuing.
[06/28/2008, 14:19:44] - BHO 11: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/28/2008, 14:19:44] - BHO 12: {e18dcc52-9080-4a42-9b54-5ff37caf16d3} ()
[06/28/2008, 14:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:19:44] - Checking for HKLM\...\Winlogon\Notify\ikakrhko
[06/28/2008, 14:19:44] - Key not found: HKLM\...\Winlogon\Notify\ikakrhko, continuing.
[06/28/2008, 14:19:44] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/28/2008, 14:19:44] - Finished Searching Browser Helper Objects
[06/28/2008, 14:19:44] - Finishing up...
[06/28/2008, 14:19:44] - Nothing found! Exiting...

[06/28/2008, 14:20:07] - VirtumundoBeGone v1.5 ( "C:\Users\Valentin\Desktop\VirtumundoBeGone.exe" )
[06/28/2008, 14:20:08] - Detected System Information:
[06/28/2008, 14:20:08] - Windows Version: 6.0.6001, Service Pack 1
[06/28/2008, 14:20:08] - Current Username: Valentin (Admin)
[06/28/2008, 14:20:08] - Windows is in NORMAL mode.
[06/28/2008, 14:20:08] - Searching for Browser Helper Objects:
[06/28/2008, 14:20:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/28/2008, 14:20:08] - BHO 2: {1CAC1511-EB16-4AED-99F2-A560D9378CD3} ()
[06/28/2008, 14:20:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:20:08] - Checking for HKLM\...\Winlogon\Notify\efcya
[06/28/2008, 14:20:08] - Key not found: HKLM\...\Winlogon\Notify\efcya, continuing.
[06/28/2008, 14:20:08] - BHO 3: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} (VMN Toolbar)
[06/28/2008, 14:20:09] - BHO 4: {5A0F5614-640D-4438-85C8-39F4A21D535D} ()
[06/28/2008, 14:20:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:20:09] - Checking for HKLM\...\Winlogon\Notify\efcya
[06/28/2008, 14:20:09] - Key not found: HKLM\...\Winlogon\Notify\efcya, continuing.
[06/28/2008, 14:20:09] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/28/2008, 14:20:09] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2008, 14:20:09] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2008, 14:20:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:20:09] - No filename found. Continuing.
[06/28/2008, 14:20:09] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/28/2008, 14:20:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2008, 14:20:09] - BHO 10: {BCEBACCE-0163-462E-ABE0-F714543B41AE} ()
[06/28/2008, 14:20:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:20:09] - Checking for HKLM\...\Winlogon\Notify\cbayv
[06/28/2008, 14:20:09] - Key not found: HKLM\...\Winlogon\Notify\cbayv, continuing.
[06/28/2008, 14:20:09] - BHO 11: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/28/2008, 14:20:09] - BHO 12: {e18dcc52-9080-4a42-9b54-5ff37caf16d3} ()
[06/28/2008, 14:20:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 14:20:09] - Checking for HKLM\...\Winlogon\Notify\ikakrhko
[06/28/2008, 14:20:09] - Key not found: HKLM\...\Winlogon\Notify\ikakrhko, continuing.
[06/28/2008, 14:20:09] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/28/2008, 14:20:09] - Finished Searching Browser Helper Objects
[06/28/2008, 14:20:09] - Finishing up...
[06/28/2008, 14:20:09] - Nothing found! Exiting...

- ComboFix :
ComboFix 08-06-20.4 - Valentin 2008-06-28 14:22:33.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1299 [GMT 2:00]
Endroit: C:\Users\Valentin\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\BMd3a7e6a7.xml
C:\Windows\pskt.ini
C:\Windows\System32\aycfe.ini
C:\Windows\System32\aycfe.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YETYEZZD

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.

2008-06-28 12:24 . 2008-06-28 12:24 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Malwarebytes
2008-06-28 12:24 . 2008-06-28 12:24 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-28 12:24 . 2008-06-28 12:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 12:24 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-28 12:24 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-28 01:29 . 2008-06-28 01:42 <REP> d-------- C:\Program Files\TmUnitedForever
2008-06-27 18:27 . 2008-06-27 19:22 <REP> d-------- C:\ProgramData\TrackMania United
2008-06-27 17:29 . 2008-06-27 17:34 <REP> d-------- C:\Program Files\TrackMania United
2008-06-26 17:01 . 2008-06-26 17:01 <REP> d-------- C:\Users\Valentin\AppData\Roaming\DonationCoder
2008-06-26 17:00 . 2008-06-26 17:00 <REP> d-------- C:\ProgramData\DonationCoder
2008-06-26 17:00 . 2008-06-26 17:00 <REP> d-------- C:\Program Files\ScreenshotCaptor
2008-06-26 16:59 . 2008-06-26 16:59 <REP> d-------- C:\Program Files\DebugMode
2008-06-26 16:50 . 2008-06-26 16:50 <REP> d-------- C:\Program Files\vmntoolbar
2008-06-26 16:50 . 2008-06-28 12:43 <REP> d-------- C:\Program Files\Visicom Media
2008-06-24 01:23 . 2008-06-24 13:31 <REP> d-------- C:\Users\Valentin\AppData\Roaming\uTorrent
2008-06-24 01:23 . 2008-06-24 01:23 <REP> d-------- C:\Program Files\uTorrent
2008-06-24 00:42 . 2008-06-28 14:19 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Xfire
2008-06-24 00:42 . 2008-06-25 12:11 <REP> d-------- C:\ProgramData\Xfire
2008-06-24 00:42 . 2008-06-24 00:42 <REP> d-------- C:\Program Files\Xfire
2008-06-23 23:02 . 2008-06-23 23:02 50 --a------ C:\im.ini
2008-06-23 21:06 . 2008-06-23 21:06 <REP> d-------- C:\Program Files\IVT Corporation
2008-06-23 21:06 . 2008-06-23 23:02 32 --a------ C:\Windows\[u]0/u
2008-06-23 21:06 . 2008-06-23 21:06 0 --a------ C:\Windows\System32\[u]0/u
2008-06-23 13:35 . 2008-06-23 13:35 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Blender Foundation
2008-06-23 13:35 . 2008-06-23 13:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-06-22 00:51 . 1999-05-10 01:00 1,384,448 --a------ C:\Windows\System32\temp.001
2008-06-22 00:51 . 1999-05-10 01:00 1,384,448 --a------ C:\Windows\System32\temp.000
2008-06-20 14:22 . 2008-06-20 14:24 <REP> d-------- C:\Program Files\StuffPlug3
2008-06-20 14:17 . 2008-06-20 14:17 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Download Manager
2008-06-20 14:05 . 2008-06-20 14:10 <REP> d-------- C:\Users\Valentin\AppData\Roaming\IM-History
2008-06-20 14:05 . 2008-06-20 14:05 <REP> d-------- C:\Program Files\IM-History
2008-06-15 15:58 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 15:58 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 15:58 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 15:58 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 16:42 . 2008-06-27 14:33 <REP> d-------- C:\ProgramData\TrackMania
2008-06-12 23:28 . 2008-06-24 13:39 <REP> d-------- C:\Program Files\Safari
2008-06-12 22:10 . 2008-06-12 22:14 <REP> d-------- C:\Program Files\Folding@Home
2008-06-12 22:10 . 2002-04-19 00:50 73,728 --a------ C:\Windows\System32\GkSui18.EXE
2008-06-12 22:10 . 2002-01-16 09:27 69,632 --a------ C:\Windows\System32\Copy of GkSui18.EXE
2008-06-12 20:49 . 2008-06-18 13:09 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-06-12 01:53 . 2008-06-12 01:53 41,296 --a------ C:\Windows\System32\xfcodec.dll
2008-06-11 22:29 . 2008-06-11 22:31 <REP> d-------- C:\Program Files\wamp
2008-06-11 22:10 . 2008-06-11 22:21 <REP> d-------- C:\wamp
2008-06-06 19:55 . 2008-06-06 19:55 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-06-03 19:21 . 2008-06-03 19:21 <REP> d-------- C:\Program Files\KSOFT
2008-06-02 23:44 . 2008-06-03 00:06 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Notepad++
2008-06-02 23:44 . 2008-06-02 23:44 <REP> d-------- C:\Program Files\Notepad++
2008-06-02 23:38 . 2008-06-02 23:38 <REP> d-------- C:\Users\Valentin\.idlerc
2008-06-02 23:00 . 2008-06-02 23:00 <REP> d-------- C:\Python25
2008-06-02 21:13 . 2008-06-02 21:13 <REP> d-------- C:\Users\Valentin\AppData\Roaming\EPSON
2008-06-02 20:59 . 2008-06-02 21:03 <REP> d-------- C:\ProgramData\UDL
2008-06-02 20:57 . 2008-06-02 20:57 25 --a------ C:\Windows\CDE DX3800EFGIPSD.ini
2008-05-31 13:56 . 2008-05-31 14:07 <REP> d-------- C:\Users\Valentin\.xmoto
2008-05-31 00:15 . 2008-05-31 00:16 <REP> d-------- C:\Perl
2008-05-28 15:17 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 15:17 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 22:11 --------- d-----w C:\Program Files\Microsoft Games
2008-06-27 21:58 --------- d-----w C:\Users\Valentin\AppData\Roaming\Dev-Cpp
2008-06-27 11:49 --------- d-----w C:\ProgramData\Google Updater
2008-06-26 10:50 --------- d-----w C:\Program Files\Paint.NET
2008-06-25 00:20 --------- d-----w C:\Users\Valentin\AppData\Roaming\Skype
2008-06-24 22:01 --------- d-----w C:\Users\Valentin\AppData\Roaming\skypePM
2008-06-24 01:40 --------- d-----w C:\Users\Valentin\AppData\Roaming\U3
2008-06-21 20:41 --------- d-----w C:\Users\Valentin\AppData\Roaming\gtk-2.0
2008-06-18 21:46 --------- d---a-w C:\ProgramData\TEMP
2008-06-18 11:09 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 16:22 --------- d-----w C:\Users\Valentin\AppData\Roaming\teamspeak2
2008-06-12 15:13 --------- d-----w C:\Program Files\TmNationsForever
2008-06-12 01:04 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 21:52 --------- d-----w C:\Program Files\Java
2008-06-05 05:36 --------- d-----w C:\Program Files\ENJOY Plus!
2008-06-02 19:01 --------- d-----w C:\Program Files\EPSON
2008-05-27 19:19 253,952 ------w C:\Windows\Setup1.exe
2008-05-27 19:05 --------- d-----w C:\Program Files\thinBasic
2008-05-27 18:45 --------- d-----w C:\Users\Valentin\AppData\Roaming\StarOffice8
2008-05-27 18:41 --------- d-----w C:\Program Files\Sun
2008-05-27 18:24 --------- d-----w C:\Program Files\Google
2008-05-17 10:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-16 17:48 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-02 21:29 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-04-29 18:34 --------- d-----w C:\Program Files\SourceTec
2008-04-29 18:34 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-04-29 17:07 88,532 ----a-w C:\Users\Valentin\AppData\Roaming\nvModes.dat
2008-04-28 18:08 --------- d-----w C:\Program Files\Globe7
2008-04-28 17:49 --------- d-----w C:\Users\Valentin\AppData\Roaming\Globe7
2008-04-28 16:14 --------- d-----w C:\ProgramData\eMule
2008-04-28 16:12 --------- d-----w C:\Program Files\Prison Tycoon 2
2008-04-28 16:12 --------- d-----w C:\Program Files\MotoRacer3
2008-04-28 05:40 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-03 15:06 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-22 02:08 174 --sha-w C:\Program Files\desktop.ini
2007-11-21 08:46 22,328 ----a-w C:\Users\Valentin\AppData\Roaming\PnkBstrK.sys
2007-11-17 18:24 159,232 ----a-w C:\Users\Valentin\fff-ea160.exe
2007-10-21 14:48 98 ----a-w C:\Users\Valentin\AppData\Roaming\wklnhst.dat
2007-09-24 15:24 305,664 ----a-w C:\Users\Valentin\Xtremsplit.exe
2008-01-16 16:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-16 16:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-16 16:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CAC1511-EB16-4AED-99F2-A560D9378CD3}]
C:\Windows\system32\efcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A0F5614-640D-4438-85C8-39F4A21D535D}]
C:\Windows\system32\efcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCEBACCE-0163-462E-ABE0-F714543B41AE}]
C:\Windows\system32\cbayv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e18dcc52-9080-4a42-9b54-5ff37caf16d3}]
C:\Windows\system32\ikakrhko.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ENJOY Plus!.lnk - C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe [2007-09-16 10:30:27 1323520]
IM-History.lnk - C:\Program Files\IM-History\im-history.exe [2008-05-07 20:19:56 1482752]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-12 01:53:54 3017040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Users^Valentin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Banshee Screamer Alarm.lnk]
path=C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk
backup=C:\Windows\pss\Banshee Screamer Alarm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeeEnEs]
C:\Users\Valentin\AppData\Local\Temp\Rar$EX00.607\DeeEnEs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4327BA31-3F45-4A47-921B-D39198F01368}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{74DA2DD8-59AE-446E-9376-C6CD7D8AF65E}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E02C7198-C8E3-4495-88A1-7C48F33E1787}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{799C41A8-B723-441B-8191-DFAEAC97F160}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{0AA302C6-F4FC-4952-A2AB-CE78B00F6AE9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7E4673EA-BA65-49F0-8E3D-051F50B297C7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3256734A-9D76-4FC8-A26D-D42F990A5F41}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8F55FC92-D573-4768-9230-E7D738A05054}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{561F70C6-1CD1-4DAC-AAB0-7A03C5C7C289}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{1BC932CE-3E89-4ED4-9B95-9383633368D5}"= UDP:C:\Users\Valentin\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{4AAAED8F-DC83-4D54-A8A5-EFE44EF89C46}"= TCP:C:\Users\Valentin\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{90573FCE-1248-415A-916F-281E7348C443}"= Disabled:UDP:C:\Program Files\ServerMania\ServerMania.exe:ServerMania
"{1A1D03F5-0D09-4FFE-B049-BA3D8C61CACA}"= Disabled:TCP:C:\Program Files\ServerMania\ServerMania.exe:ServerMania
"{68770070-F912-465B-A74C-2EFC64E5989F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{678C0289-B27E-4E63-8A25-8A6261DF80BA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{ED8DB6DB-12A5-404F-99FD-F2A7938CE47D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{EA1D0A28-609C-48E4-9B1D-3E4447BE5BAF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1D77D333-9399-4029-882D-A5B167D8B8C6}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{26AB9A82-1A70-4B26-BC32-BD0A608B226C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C756640B-8DDA-4681-9E00-A539DCC9ED93}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{20B70FD0-D4AA-4BF2-BF8A-267C5ED2A4E2}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{1D0D2D37-0730-42D4-84EC-5B090A0C003F}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{5EE07992-21BB-4E7D-9FFF-2B4950C07A86}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{60BAF4BD-A979-4676-89D0-E0A92241B446}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{CA1E4AA7-366B-4E32-B2EE-444C03D69C89}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{B1F51005-DA8F-414D-B5A9-65C5DA50E2F6}C:\\users\\valentin\\documents\\trackmaniaserver.exe"= UDP:C:\users\valentin\documents\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{8BC0D8E4-A70D-414E-ACD3-9D9BEFF01C60}C:\\users\\valentin\\documents\\trackmaniaserver.exe"= TCP:C:\users\valentin\documents\trackmaniaserver.exe:trackmaniaserver.exe
"{5A0BB00F-2431-4EDD-9315-36FE48B5227A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2896E2D7-9192-4585-9C7E-04ADAD3E2A39}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{070501E1-B1C6-4372-AE51-3448F5AAD06D}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"TCP Query User{926E162D-72D2-48D7-A284-82BACAB62BE3}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{BEB01FD7-923C-48F3-A079-7EE2EE270A59}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{502FF669-E04C-4F0D-BE34-0D88A805B16E}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{30E63C6C-5CDF-4EEE-9564-6E63F89BDA6D}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{951594ED-80FE-46B4-8827-7854ADAD4519}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E81710F2-C4AE-4588-8188-473221C6F16D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{459BA9D3-F761-4676-8B89-251E700A7FBD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5933FCC4-D883-468C-BCAA-994299C1C860}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{048FDD6F-E3FB-48A6-9C0B-83AAC620B701}"= UDP:C:\Users\Valentin\jeux\PES2008.exe:Pro Evolution Soccer 2008
"{B330AE1D-A5FD-488F-ADA1-F6FEE9B6632A}"= TCP:C:\Users\Valentin\jeux\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{09BBA26E-C34D-4B02-A0D1-17052C8D219B}C:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= UDP:C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"UDP Query User{E748BF51-27BF-498E-8560-4EF2CC5F9DEC}C:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= TCP:C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"{CF776962-4925-452A-A9CE-7C8E25E03B30}"= UDP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{1D089B18-3C03-4914-BE6B-82E8A4794061}"= TCP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{E65E00EA-5093-4047-BAE8-3F864D24574F}"= UDP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{13FE6E3F-B21B-4D35-842F-7B6996AD217F}"= TCP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"TCP Query User{28C4E569-A86A-4039-9D7C-50F62A3E3D27}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
"UDP Query User{8A85847D-C51A-4A83-8D31-D2B76A0673F3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
"{142E0005-1539-4B26-9F08-E70E700ABFD0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A210FE5C-077E-41AB-AC7F-E5E48F63FCD1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FF018434-185B-4B44-B89A-6024187C86C8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{4C2D6DAC-C812-4DB9-8263-7DED56B13C48}C:\\users\\valentin\\documents\\serveur\\trackmaniaserver.exe"= UDP:C:\users\valentin\documents\serveur\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{290302E7-1CCC-4936-B12F-E91FDAB1A2CC}C:\\users\\valentin\\documents\\serveur\\trackmaniaserver.exe"= TCP:C:\users\valentin\documents\serveur\trackmaniaserver.exe:trackmaniaserver.exe
"{D28BCC10-98B8-4518-ABD7-F2DE91F4E3F5}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{688C3C29-50A4-4BEB-AF63-3B4B11D2644D}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{020CAD13-B7E3-40EA-A237-AAF66A5359D8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3DB57B14-BCF5-488F-B3F0-1ECD9480B028}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F2D5DB7A-40B9-48ED-90F2-EDF8659B16C7}"= UDP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{7F61DC9C-BBBE-412F-B68D-3AF3BD2E7038}"= TCP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{B617D9E1-3CBD-4173-9FFC-51C5AEB2D370}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0A6D9435-C35D-4710-BB71-D6FC5D76E5B5}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B1D76280-B292-4A36-9892-FBCD196C27DD}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8D2921B0-CEC8-4BCF-A856-7B241E3B0354}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{53446838-7E83-434C-8FBB-8EEBA181B164}"= UDP:C:\Program Files\TmNationsForever\TmForeverLauncher.exe:Jouer à TmNationsForever
"{8B706143-636C-48E7-A340-C377493C90D9}"= TCP:C:\Program Files\TmNationsForever\TmForeverLauncher.exe:Jouer à TmNationsForever
"{3B2205AE-305D-4140-A6C7-43291CFD0B4F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BC473392-3284-4771-93AC-6093FF3360E0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BE19AA38-54BD-4487-AEDD-96D67C06A32C}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{42585C83-3492-4069-8A5E-80B7797ECC37}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{B768BFAA-DDB1-433F-9A09-8D4A5EAC2B93}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{689D14EA-535F-420E-9ED8-DBA5FE3964A4}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 13:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]
S3 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe" wampmysqld []
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-02-14 14:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f44ee0-360a-11dd-8e00-001bfb19d99a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554d75dd-6374-11dc-98af-806e6f6e6963}]
\shell\AutoRun\command - F:\_SETIMG\EPSSWT.EXE /NODISP:"ALL" /NOWIZ:"..\EPSETUP.EXE" /ST:"3500,WIN98,WINME"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9555444c-63b3-11dc-aea9-001bfb19d99a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 14:29:13
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\conime.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\RacAgent.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-28 14:43:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 12:42:39

Pre-Run: 21,815,828,480 octets libres
Post-Run: 76,745,527,296 octets libres

323 --- E O F --- 2008-06-28 12:12:15

et enfin la rapport Hijackthis après tous sa :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:09, on 28/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Valentin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: {3d61fac7-3ff5-45b9-24a4-080925ccd81e} - {e18dcc52-9080-4a42-9b54-5ff37caf16d3} - C:\Windows\system32\ikakrhko.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: IM-History.lnk = C:\Program Files\IM-History\im-history.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 11747 bytes

j'ai aussi installé l'anti virus cependant est ce qu'il me faut un antispywar ou autre si oui le quel est le mieu ?
PS: dsl pour le roman ^^
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
tu peux garder malwarebytes, il est tres bon...

tu peux aussi prendre spybot et ad-aware :

spybot : https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

ad-aware : https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

Fais les mises à jour et analyses au moins une fois par semaine.

Tu dis résolu mais pourtant y a encore pleins d infections :s

télécharge OtMoveIt

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

c:\windows\system32\ikakrhko.dll

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e18dcc52-9080-4a42-9b54-5ff37caf16d3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e18dcc52-9080-4a42-9b54-5ff37caf16d3}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

ensuite : refais un nouveau rapport hijack pour vérifier stp
0
Réponse 6 / 22
valdal79 Messages postés 24 Statut Membre
 
avec OTMoveIt j'ai obtenu ce rapport :

File/Folder c:\windows\system32\ikakrhko.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_020022

et voici mon nouveau rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:33, on 29/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\TmUnitedForever\TmForever.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Valentin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 7 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

ok maintenant :

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

c:\windows\config\csrss.exe

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

Et ensuite refais un rapport hijack pour vérifier stp
0
Réponse 8 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
tu as bien fais le fix.reg ??
0
Réponse 9 / 22
valdal79
 
oui il m'a mis que le registre avait bien été modiff
0
Réponse 10 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ok...j attends tes 2 rapports pour vérifier
0
Réponse 11 / 22
valdal79 Messages postés 24 Statut Membre
 
lorsque je click sur Movelt! il me met sa :

File/Folder c:\windows\config\csrss.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_141017
0
Réponse 12 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
c est normal...refais un hijack
0
Réponse 13 / 22
valdal79 Messages postés 24 Statut Membre
 
et voila mon rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:20, on 29/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\TmUnitedForever\TmForever.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Valentin\Desktop\OTMoveIt2.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Valentin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 14 / 22
valdal79 Messages postés 24 Statut Membre
 
comment on fait pour supprimer un mess pcq j'ai fait un double post :(
0
Réponse 15 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
recommence la manip :

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

c:\windows\config\csrss.exe

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

Et ensuite refais un rapport hijack pour vérifier stp
0
Réponse 16 / 22
valdal79 Messages postés 24 Statut Membre
 
voila maintenant j'ai un autre problème quand j'allume mon pc il se démarre puis j'ai un fond noir et une fenêtre (mes document) si je la ferme l'écran et tout noir donc je suis obliger d'ouvrir le gestionnaire des tâches, nouvelle tâche, explorer je valide et la mon bureau apparait

voila mes rapport :
File/Folder c:\windows\config\csrss.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_141727

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:50, on 29/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Valentin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 17 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
on va essayer autrement :

Copie le texte en gras ci-dessous :

File::
c:\windows\pskt.ini
c:\program files\advantage\advantage.exe

Folder::

Registry::

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

ensuite refais un hijack
0
Réponse 18 / 22
valdal79 Messages postés 24 Statut Membre
 
ComboFix 08-06-20.4 - Valentin 2008-06-29 15:20:14.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1119 [GMT 2:00]
Endroit: C:\Users\Valentin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Valentin\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
c:\program files\advantage\advantage.exe
c:\windows\pskt.ini
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
.

2008-06-29 02:05 . 2008-06-29 02:07 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-29 02:05 . 2008-06-29 02:05 <REP> d-------- C:\Program Files\Lavasoft
2008-06-29 02:04 . 2008-06-29 13:12 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-29 02:04 . 2008-06-29 02:04 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-29 02:00 . 2008-06-29 02:00 <REP> d-------- C:\_OTMoveIt
2008-06-28 16:13 . 2008-06-28 16:13 <REP> d-------- C:\ProgramData\Avira
2008-06-28 16:13 . 2008-06-28 16:13 <REP> d-------- C:\Program Files\Avira
2008-06-28 12:24 . 2008-06-28 12:24 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Malwarebytes
2008-06-28 12:24 . 2008-06-28 12:24 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-28 12:24 . 2008-06-28 12:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 12:24 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-28 12:24 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-28 01:29 . 2008-06-28 01:42 <REP> d-------- C:\Program Files\TmUnitedForever
2008-06-27 18:27 . 2008-06-27 19:22 <REP> d-------- C:\ProgramData\TrackMania United
2008-06-27 17:29 . 2008-06-27 17:34 <REP> d-------- C:\Program Files\TrackMania United
2008-06-26 17:01 . 2008-06-26 17:01 <REP> d-------- C:\Users\Valentin\AppData\Roaming\DonationCoder
2008-06-26 17:00 . 2008-06-26 17:00 <REP> d-------- C:\ProgramData\DonationCoder
2008-06-26 17:00 . 2008-06-26 17:00 <REP> d-------- C:\Program Files\ScreenshotCaptor
2008-06-26 16:59 . 2008-06-26 16:59 <REP> d-------- C:\Program Files\DebugMode
2008-06-26 16:50 . 2008-06-26 16:50 <REP> d-------- C:\Program Files\vmntoolbar
2008-06-26 16:50 . 2008-06-28 12:43 <REP> d-------- C:\Program Files\Visicom Media
2008-06-24 01:23 . 2008-06-29 02:35 <REP> d-------- C:\Users\Valentin\AppData\Roaming\uTorrent
2008-06-24 01:23 . 2008-06-24 01:23 <REP> d-------- C:\Program Files\uTorrent
2008-06-24 00:42 . 2008-06-29 15:18 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Xfire
2008-06-24 00:42 . 2008-06-25 12:11 <REP> d-------- C:\ProgramData\Xfire
2008-06-24 00:42 . 2008-06-24 00:42 <REP> d-------- C:\Program Files\Xfire
2008-06-23 23:02 . 2008-06-23 23:02 50 --a------ C:\im.ini
2008-06-23 21:06 . 2008-06-23 21:06 <REP> d-------- C:\Program Files\IVT Corporation
2008-06-23 21:06 . 2008-06-23 23:02 32 --a------ C:\Windows\[u]0/u
2008-06-23 21:06 . 2008-06-23 21:06 0 --a------ C:\Windows\System32\[u]0/u
2008-06-23 13:35 . 2008-06-23 13:35 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Blender Foundation
2008-06-23 13:35 . 2008-06-23 13:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-06-22 00:51 . 1999-05-10 01:00 1,384,448 --a------ C:\Windows\System32\temp.001
2008-06-22 00:51 . 1999-05-10 01:00 1,384,448 --a------ C:\Windows\System32\temp.000
2008-06-20 14:22 . 2008-06-20 14:24 <REP> d-------- C:\Program Files\StuffPlug3
2008-06-20 14:17 . 2008-06-20 14:17 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Download Manager
2008-06-20 14:05 . 2008-06-28 22:49 <REP> d-------- C:\Users\Valentin\AppData\Roaming\IM-History
2008-06-15 15:58 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 15:58 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 15:58 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 15:58 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 16:42 . 2008-06-28 17:29 <REP> d-------- C:\ProgramData\TrackMania
2008-06-12 23:28 . 2008-06-24 13:39 <REP> d-------- C:\Program Files\Safari
2008-06-12 22:10 . 2008-06-12 22:14 <REP> d-------- C:\Program Files\Folding@Home
2008-06-12 22:10 . 2002-04-19 00:50 73,728 --a------ C:\Windows\System32\GkSui18.EXE
2008-06-12 22:10 . 2002-01-16 09:27 69,632 --a------ C:\Windows\System32\Copy of GkSui18.EXE
2008-06-12 20:49 . 2008-06-18 13:09 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-06-12 01:53 . 2008-06-12 01:53 41,296 --a------ C:\Windows\System32\xfcodec.dll
2008-06-11 22:29 . 2008-06-11 22:31 <REP> d-------- C:\Program Files\wamp
2008-06-11 22:10 . 2008-06-11 22:21 <REP> d-------- C:\wamp
2008-06-06 19:55 . 2008-06-06 19:55 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-06-03 19:21 . 2008-06-03 19:21 <REP> d-------- C:\Program Files\KSOFT
2008-06-02 23:44 . 2008-06-03 00:06 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Notepad++
2008-06-02 23:44 . 2008-06-02 23:44 <REP> d-------- C:\Program Files\Notepad++
2008-06-02 23:38 . 2008-06-02 23:38 <REP> d-------- C:\Users\Valentin\.idlerc
2008-06-02 23:00 . 2008-06-02 23:00 <REP> d-------- C:\Python25
2008-06-02 21:13 . 2008-06-02 21:13 <REP> d-------- C:\Users\Valentin\AppData\Roaming\EPSON
2008-06-02 20:59 . 2008-06-02 21:03 <REP> d-------- C:\ProgramData\UDL
2008-06-02 20:57 . 2008-06-02 20:57 25 --a------ C:\Windows\CDE DX3800EFGIPSD.ini
2008-05-31 13:56 . 2008-05-31 14:07 <REP> d-------- C:\Users\Valentin\.xmoto
2008-05-31 00:15 . 2008-05-31 00:16 <REP> d-------- C:\Perl

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 00:35 --------- d-----w C:\Program Files\AdVantage
2008-06-29 00:20 --------- d---a-w C:\ProgramData\TEMP
2008-06-28 16:42 --------- d-----w C:\Users\Valentin\AppData\Roaming\gtk-2.0
2008-06-28 12:49 --------- d-----w C:\ProgramData\Google Updater
2008-06-28 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 22:11 --------- d-----w C:\Program Files\Microsoft Games
2008-06-27 21:58 --------- d-----w C:\Users\Valentin\AppData\Roaming\Dev-Cpp
2008-06-26 10:50 --------- d-----w C:\Program Files\Paint.NET
2008-06-25 00:20 --------- d-----w C:\Users\Valentin\AppData\Roaming\Skype
2008-06-24 22:01 --------- d-----w C:\Users\Valentin\AppData\Roaming\skypePM
2008-06-24 01:40 --------- d-----w C:\Users\Valentin\AppData\Roaming\U3
2008-06-18 11:09 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 16:22 --------- d-----w C:\Users\Valentin\AppData\Roaming\teamspeak2
2008-06-12 15:13 --------- d-----w C:\Program Files\TmNationsForever
2008-06-12 01:04 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 21:52 --------- d-----w C:\Program Files\Java
2008-06-05 05:36 --------- d-----w C:\Program Files\ENJOY Plus!
2008-06-02 19:01 --------- d-----w C:\Program Files\EPSON
2008-05-27 19:19 253,952 ------w C:\Windows\Setup1.exe
2008-05-27 19:05 --------- d-----w C:\Program Files\thinBasic
2008-05-27 18:45 --------- d-----w C:\Users\Valentin\AppData\Roaming\StarOffice8
2008-05-27 18:41 --------- d-----w C:\Program Files\Sun
2008-05-27 18:24 --------- d-----w C:\Program Files\Google
2008-05-17 10:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-16 17:48 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-02 21:29 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-04-29 18:34 --------- d-----w C:\Program Files\SourceTec
2008-04-29 18:34 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-04-29 17:07 88,532 ----a-w C:\Users\Valentin\AppData\Roaming\nvModes.dat
2008-04-28 18:08 --------- d-----w C:\Program Files\Globe7
2008-04-28 17:49 --------- d-----w C:\Users\Valentin\AppData\Roaming\Globe7
2008-04-28 16:14 --------- d-----w C:\ProgramData\eMule
2008-04-28 16:12 --------- d-----w C:\Program Files\MotoRacer3
2008-04-28 05:40 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-03 15:06 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-22 02:08 174 --sha-w C:\Program Files\desktop.ini
2007-11-21 08:46 22,328 ----a-w C:\Users\Valentin\AppData\Roaming\PnkBstrK.sys
2007-11-17 18:24 159,232 ----a-w C:\Users\Valentin\fff-ea160.exe
2007-10-21 14:48 98 ----a-w C:\Users\Valentin\AppData\Roaming\wklnhst.dat
2007-09-24 15:24 305,664 ----a-w C:\Users\Valentin\Xtremsplit.exe
2008-01-16 16:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-16 16:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-16 16:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CAC1511-EB16-4AED-99F2-A560D9378CD3}]
C:\Windows\system32\efcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A0F5614-640D-4438-85C8-39F4A21D535D}]
C:\Windows\system32\efcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCEBACCE-0163-462E-ABE0-F714543B41AE}]
C:\Windows\system32\cbayv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ENJOY Plus!.lnk - C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe [2007-09-16 10:30:27 1323520]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-12 01:53:54 3017040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Users^Valentin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Banshee Screamer Alarm.lnk]
path=C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk
backup=C:\Windows\pss\Banshee Screamer Alarm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeeEnEs]
C:\Users\Valentin\AppData\Local\Temp\Rar$EX00.607\DeeEnEs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4327BA31-3F45-4A47-921B-D39198F01368}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{74DA2DD8-59AE-446E-9376-C6CD7D8AF65E}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E02C7198-C8E3-4495-88A1-7C48F33E1787}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{799C41A8-B723-441B-8191-DFAEAC97F160}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{0AA302C6-F4FC-4952-A2AB-CE78B00F6AE9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7E4673EA-BA65-49F0-8E3D-051F50B297C7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3256734A-9D76-4FC8-A26D-D42F990A5F41}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8F55FC92-D573-4768-9230-E7D738A05054}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{561F70C6-1CD1-4DAC-AAB0-7A03C5C7C289}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{90573FCE-1248-415A-916F-281E7348C443}"= Disabled:UDP:C:\Program Files\ServerMania\ServerMania.exe:ServerMania
"{1A1D03F5-0D09-4FFE-B049-BA3D8C61CACA}"= Disabled:TCP:C:\Program Files\ServerMania\ServerMania.exe:ServerMania
"{68770070-F912-465B-A74C-2EFC64E5989F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{678C0289-B27E-4E63-8A25-8A6261DF80BA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{ED8DB6DB-12A5-404F-99FD-F2A7938CE47D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{EA1D0A28-609C-48E4-9B1D-3E4447BE5BAF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1D77D333-9399-4029-882D-A5B167D8B8C6}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{26AB9A82-1A70-4B26-BC32-BD0A608B226C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C756640B-8DDA-4681-9E00-A539DCC9ED93}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{20B70FD0-D4AA-4BF2-BF8A-267C5ED2A4E2}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{1D0D2D37-0730-42D4-84EC-5B090A0C003F}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{5EE07992-21BB-4E7D-9FFF-2B4950C07A86}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{B1F51005-DA8F-414D-B5A9-65C5DA50E2F6}C:\\users\\valentin\\documents\\trackmaniaserver.exe"= UDP:C:\users\valentin\documents\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{8BC0D8E4-A70D-414E-ACD3-9D9BEFF01C60}C:\\users\\valentin\\documents\\trackmaniaserver.exe"= TCP:C:\users\valentin\documents\trackmaniaserver.exe:trackmaniaserver.exe
"{5A0BB00F-2431-4EDD-9315-36FE48B5227A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2896E2D7-9192-4585-9C7E-04ADAD3E2A39}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{070501E1-B1C6-4372-AE51-3448F5AAD06D}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"TCP Query User{926E162D-72D2-48D7-A284-82BACAB62BE3}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{BEB01FD7-923C-48F3-A079-7EE2EE270A59}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{502FF669-E04C-4F0D-BE34-0D88A805B16E}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{30E63C6C-5CDF-4EEE-9564-6E63F89BDA6D}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{951594ED-80FE-46B4-8827-7854ADAD4519}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E81710F2-C4AE-4588-8188-473221C6F16D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{459BA9D3-F761-4676-8B89-251E700A7FBD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5933FCC4-D883-468C-BCAA-994299C1C860}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{048FDD6F-E3FB-48A6-9C0B-83AAC620B701}"= UDP:C:\Users\Valentin\jeux\PES2008.exe:Pro Evolution Soccer 2008
"{B330AE1D-A5FD-488F-ADA1-F6FEE9B6632A}"= TCP:C:\Users\Valentin\jeux\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{09BBA26E-C34D-4B02-A0D1-17052C8D219B}C:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= UDP:C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"UDP Query User{E748BF51-27BF-498E-8560-4EF2CC5F9DEC}C:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= TCP:C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"{E65E00EA-5093-4047-BAE8-3F864D24574F}"= UDP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{13FE6E3F-B21B-4D35-842F-7B6996AD217F}"= TCP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{142E0005-1539-4B26-9F08-E70E700ABFD0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A210FE5C-077E-41AB-AC7F-E5E48F63FCD1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FF018434-185B-4B44-B89A-6024187C86C8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F2D5DB7A-40B9-48ED-90F2-EDF8659B16C7}"= UDP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{7F61DC9C-BBBE-412F-B68D-3AF3BD2E7038}"= TCP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{B617D9E1-3CBD-4173-9FFC-51C5AEB2D370}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0A6D9435-C35D-4710-BB71-D6FC5D76E5B5}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B1D76280-B292-4A36-9892-FBCD196C27DD}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8D2921B0-CEC8-4BCF-A856-7B241E3B0354}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{53446838-7E83-434C-8FBB-8EEBA181B164}"= UDP:C:\Program Files\TmNationsForever\TmForeverLauncher.exe:Jouer à TmNationsForever
"{8B706143-636C-48E7-A340-C377493C90D9}"= TCP:C:\Program Files\TmNationsForever\TmForeverLauncher.exe:Jouer à TmNationsForever
"{3B2205AE-305D-4140-A6C7-43291CFD0B4F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BC473392-3284-4771-93AC-6093FF3360E0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BE19AA38-54BD-4487-AEDD-96D67C06A32C}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{42585C83-3492-4069-8A5E-80B7797ECC37}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{B768BFAA-DDB1-433F-9A09-8D4A5EAC2B93}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{689D14EA-535F-420E-9ED8-DBA5FE3964A4}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{020CAD13-B7E3-40EA-A237-AAF66A5359D8}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3DB57B14-BCF5-488F-B3F0-1ECD9480B028}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D28BCC10-98B8-4518-ABD7-F2DE91F4E3F5}"= Disabled:UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{688C3C29-50A4-4BEB-AF63-3B4B11D2644D}"= Disabled:TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{1BC932CE-3E89-4ED4-9B95-9383633368D5}"= Disabled:UDP:C:\Users\Valentin\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{4AAAED8F-DC83-4D54-A8A5-EFE44EF89C46}"= Disabled:TCP:C:\Users\Valentin\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{60BAF4BD-A979-4676-89D0-E0A92241B446}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= Disabled:UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{CA1E4AA7-366B-4E32-B2EE-444C03D69C89}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= Disabled:TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{28C4E569-A86A-4039-9D7C-50F62A3E3D27}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= Disabled:UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
"UDP Query User{8A85847D-C51A-4A83-8D31-D2B76A0673F3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= Disabled:TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
"TCP Query User{4C2D6DAC-C812-4DB9-8263-7DED56B13C48}C:\\users\\valentin\\documents\\serveur\\trackmaniaserver.exe"= Disabled:UDP:C:\users\valentin\documents\serveur\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{290302E7-1CCC-4936-B12F-E91FDAB1A2CC}C:\\users\\valentin\\documents\\serveur\\trackmaniaserver.exe"= Disabled:TCP:C:\users\valentin\documents\serveur\trackmaniaserver.exe:trackmaniaserver.exe
"{CF776962-4925-452A-A9CE-7C8E25E03B30}"= Disabled:UDP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{1D089B18-3C03-4914-BE6B-82E8A4794061}"= Disabled:TCP:C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"TCP Query User{5141FCE6-BB93-4C67-A05B-318E6F646BC3}C:\\program files\\tmunitedforever\\tmforever.exe"= UDP:C:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{12431091-B2EE-4CCC-B413-76374BA17C80}C:\\program files\\tmunitedforever\\tmforever.exe"= TCP:C:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{7B2EDF75-EFE5-41D7-9E72-208EF9A48FE9}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2830FB29-603E-493E-9E27-0C6556B82950}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{361F0200-C6C3-4ACA-A254-60BF45462C3C}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{063367C7-2253-4A8D-AF83-72730ACA3289}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{11FD7413-F07D-424D-B081-C3B99F954E44}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5005939F-E1D2-407E-90F7-C1ED913B305B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2302E831-8BAF-4334-87B8-0C4387F969FD}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{CA005DE3-EFCD-49E0-9942-916ADE2995D6}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 13:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]
S3 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe" wampmysqld []
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-02-14 14:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f44ee0-360a-11dd-8e00-001bfb19d99a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554d75dd-6374-11dc-98af-806e6f6e6963}]
\shell\AutoRun\command - F:\_SETIMG\EPSSWT.EXE /NODISP:"ALL" /NOWIZ:"..\EPSETUP.EXE" /ST:"3500,WIN98,WINME"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9555444c-63b3-11dc-aea9-001bfb19d99a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 15:24:41
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-29 15:26:31
ComboFix-quarantined-files.txt 2008-06-29 13:26:07
ComboFix2.txt 2008-06-28 12:43:45

Pre-Run: 78,844,145,664 octets libres
Post-Run: 78,811,508,736 octets libres

299 --- E O F --- 2008-06-29 12:19:31

hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:32, on 29/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Valentin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 11960 bytes
0
Réponse 19 / 22
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ca a l air bon je ne vois plus l infection...

relance hijackthis en cliquant sur scan only et coches ces lignes :

O2 - BHO: (no name) - {1CAC1511-EB16-4AED-99F2-A560D9378CD3} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: (no name) - {5A0F5614-640D-4438-85C8-39F4A21D535D} - C:\Windows\system32\efcya.dll (file missing)
O2 - BHO: (no name) - {BCEBACCE-0163-462E-ABE0-F714543B41AE} - C:\Windows\system32\cbayv.dll (file missing)
O4 - Global Startup: Bluetooth Manager.lnk = ?

ensuite cliques sur fix checked.

As tu encore le probleme au démarrage ??
0
Réponse 20 / 22
valdal79 Messages postés 24 Statut Membre
 
voila c'est bon vraiment MERCI !!!!!
je n'est plus le problème
cette fois ci c'est bon je n'est plus d'infection je peux mettre problème résolu ?
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses