DNS 85.255.113.147 85.255.112.138

Solved/Closed
olivier82 - 23 Sept. 2008 at 20:57
jlpjlp - 7 Oct. 2008 at 08:36
Hello,

I have had a big problem for 2 days: I can no longer connect to my company's network because of a DNS problem.

So I used HijackThis, which clearly tells me that I am infected (O17 DNS 85.255.113.147 85.255.112.138). When I fix it, I sometimes manage to connect to my company's network again, but the problem keeps coming back.

So I tried SmitFraudFix and ComboFix, as I read on some forums, but nothing works; it keeps coming back. Going into my network adapters' properties and setting them to obtain a DNS address automatically also gets things going again on their own.

Can you help me?

I am on VISTA.

Below is the latest HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:02, on 23/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Voipwise.com\Voipwise\voipwise.exe
C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdiid.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
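As an added detection example (not code from the thread, HijackThis or SmitFraudFix), the following Python checker reads report lines in the shapes this thread's tools print, HijackThis O17 entries and SmitFraudFix's DhcpNameServer/NameServer registry lines, and flags an interface whose static NameServer sits in the 85.255.x.x range SmitFraudFix warns about or silently overrides the DHCP-assigned resolvers. The line regexes and the 85.255.0.0/16 heuristic are my assumptions, and the sample lines are constructed from values quoted in the thread.

```python
"""Flag DNS-hijack indicators in HijackThis (O17) and SmitFraudFix-style lines.

Added detection example; not code from the thread, HijackThis or SmitFraudFix.
Assumptions: the regexes target the exact line shapes quoted in the thread, and
the 85.255.0.0/16 heuristic mirrors SmitFraudFix's "85.255.x.x detected" message.
"""
import ipaddress
import re

# Range that SmitFraudFix's own message calls out in the thread ("85.255.x.x").
SUSPECT_NETWORKS = (ipaddress.ip_network("85.255.0.0/16"),)

# HijackThis: O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d,e.f.g.h
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<hive>\w+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>[\d.,\s]+)$"
)
# SmitFraudFix: HKLM\SYSTEM\CCS\Services\Tcpip\..\{GUID}: DhcpNameServer=a.b.c.d e.f.g.h
REG_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<hive>\w+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}: (?P<key>DhcpNameServer|NameServer)=(?P<servers>[\d.,\s]+)$"
)


def split_servers(text):
    """Split 'a,b' (HijackThis) or 'a b' (SmitFraudFix) into IPv4 address objects."""
    return [ipaddress.ip_address(tok) for tok in re.split(r"[,\s]+", text.strip()) if tok]


def is_suspect(ip):
    """True when the resolver address falls in a range the thread's tools flag."""
    return any(ip in net for net in SUSPECT_NETWORKS)


def parse_hijackthis_o17(lines):
    """Return {GUID: [static NameServer addresses]} from O17 lines of the CCS hive.

    CS1/CS2 are the numbered control sets; CCS is the one Windows is using.
    """
    found = {}
    for line in lines:
        m = O17_RE.match(line.strip())
        if m and m.group("hive").upper() == "CCS":
            found[m.group("guid").upper()] = split_servers(m.group("servers"))
    return found


def parse_smitfraudfix_dns(lines):
    """Return {GUID: {"NameServer": [...], "DhcpNameServer": [...]}} for CCS lines."""
    found = {}
    for line in lines:
        m = REG_RE.match(line.strip())
        if m and m.group("hive").upper() == "CCS":
            entry = found.setdefault(m.group("guid").upper(),
                                     {"NameServer": [], "DhcpNameServer": []})
            entry[m.group("key")] = split_servers(m.group("servers"))
    return found


def assess(static, dhcp):
    """Reasons to review one interface: static = NameServer, dhcp = DhcpNameServer.

    A static resolver that merely differs from DHCP is a review flag (a deliberate
    static DNS setup trips it too); a static resolver in the suspect range is not.
    """
    reasons = []
    bad = [str(ip) for ip in static if is_suspect(ip)]
    if bad:
        reasons.append("static NameServer in suspect range: " + ", ".join(bad))
    if static and dhcp and set(static) != set(dhcp):
        reasons.append("static NameServer overrides DHCP-assigned "
                       + ", ".join(str(ip) for ip in dhcp))
    return reasons


def find_hijacked(report_lines):
    """Run both parsers over a report; return {GUID: [reasons]} for flagged interfaces."""
    o17 = parse_hijackthis_o17(report_lines)
    reg = parse_smitfraudfix_dns(report_lines)
    findings = {}
    for guid in set(o17) | set(reg):
        static = o17.get(guid) or reg.get(guid, {}).get("NameServer", [])
        dhcp = reg.get(guid, {}).get("DhcpNameServer", [])
        reasons = assess(static, dhcp)
        if reasons:
            findings[guid] = reasons
    return findings


# Constructed sample mirroring the line shapes and values quoted in the thread.
SAMPLE_REPORT = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: DhcpNameServer=192.168.2.1 195.238.2.21",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer=85.255.113.147,85.255.112.138",
    r"HKLM\SYSTEM\CS1\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer=85.255.113.147,85.255.112.138",
    # Second adapter after a fix: only the DHCP-assigned resolvers remain.
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: DhcpNameServer=192.168.2.1 195.238.2.21",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 195.238.2.21",
]

if __name__ == "__main__":
    for guid, reasons in sorted(find_hijacked(SAMPLE_REPORT).items()):
        print(guid)
        for reason in reasons:
            print("  -", reason)
```

Because the checker works on report text, it can be re-run on each new HijackThis or SmitFraudFix log to confirm whether the static NameServer has really stayed gone after a fix.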
43 replies

ep44 - 28 Sept. 2008 at 21:50
OK, post the reports please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:47, on 28/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Voipwise.com\Voipwise\voipwise.exe
C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdiid.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
ep44 - 28 Sept. 2008 at 22:15
Sorry, I was not clear enough: when I say reports, I mean the SmitFraudFix reports from options 5 and 2.

That gives you two reports to post.

++
SmitFraudFix v2.354

Scan done at 9:36:06,71, lun. 29/09/2008
Run from C:\Users\OSPRL\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.113.147
DNS Server Search Order: 85.255.112.138

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 85.255.113.147
DNS Server Search Order: 85.255.112.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer=85.255.113.147,85.255.112.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer=85.255.113.147,85.255.112.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer=85.255.113.147,85.255.112.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer=85.255.113.147,85.255.112.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 195.238.2.21

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 195.238.2.21

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 195.238.2.21

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: DhcpNameServer=192.168.2.1 195.238.2.21

hijack ///

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:36, on 29/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Voipwise.com\Voipwise\voipwise.exe
C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\meetingmaker\mm.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdiid.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
29 Sept. 2008 at 10:18
Hi to both of you

To check, you can redo this:


Disable User Account Control (you will turn it back on after the clean-up):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

Press the Vista key and R at the same time > the Run box will open...

Type cmd and confirm with OK

In the black window type this: ipconfig /flushdns and confirm with Enter

Then, with HijackThis, fix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: NameServer = 85.255.115.5,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.5 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.5 85.255.112.20

If it persists, do it again in Safe Mode

Try in Safe Mode:

How to restart in Safe Mode?

Restart the PC and tap the F8 key from the very start of boot-up, without stopping.
A window with a black background will open; use the keyboard arrows to move to Safe Mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
PS: if F8 doesn't work, use the F5 key.

Otherwise, no antivirus? No anti-spyware?
0
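As an added example (not code from this thread, from SmitFraudFix or from HijackThis), the Python below parses the registry lines both tools print, as quoted in the reports above, and flags every interface whose static NameServer value sits in the 85.255.x.x range the thread is about, noting when that value is masking what DHCP actually handed out. It assumes the two line formats shown in the reports and treats 85.255.0.0/16 as the rogue range; the sample input is constructed from the lines quoted in this thread.

```python
"""Flag hijacked per-interface DNS settings in SmitFraudFix / HijackThis output.

Added example, not part of the original thread or of either tool. It reads the
registry lines those reports print and reports every interface whose static
NameServer value points into the 85.255.x.x range (assumed here as 85.255.0.0/16).
"""
import ipaddress
import re
from dataclasses import dataclass

# Range the SmitFraudFix report itself warns about ("85.255.x.x detected !").
ROGUE_DNS_RANGES = (ipaddress.ip_network("85.255.0.0/16"),)

# Matches both report styles (value name and spacing differ, key case differs):
#   HKLM\SYSTEM\CCS\Services\Tcpip\..\{GUID}: NameServer=1.2.3.4,5.6.7.8          (SmitFraudFix)
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 1.2.3.4,5.6.7.8   (HijackThis)
LINE_RE = re.compile(
    r"^(?:O17 - )?(?P<key>HKLM\\[^:]+):\s*"
    r"(?P<vname>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.*)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    key: str               # registry key: control set + interface GUID (or Parameters)
    static_servers: list   # NameServer value, as strings
    rogue_servers: list    # subset of static_servers inside a rogue range
    dhcp_servers: list     # DhcpNameServer value recorded for the same key, if any

    @property
    def overrides_dhcp(self):
        """True when the static value is masking what DHCP actually handed out."""
        return bool(self.dhcp_servers) and self.static_servers != self.dhcp_servers


def parse_servers(raw):
    """Split '1.2.3.4,5.6.7.8' or '1.2.3.4 5.6.7.8' into valid IP address strings."""
    out = []
    for token in re.split(r"[,\s]+", raw.strip()):
        if not token:
            continue
        try:
            out.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # report noise, not an address
    return out


def is_rogue(server):
    addr = ipaddress.ip_address(server)
    return any(addr in net for net in ROGUE_DNS_RANGES)


def scan_report(text):
    """Return one Finding per registry key whose static NameServer is rogue."""
    static, dhcp = {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key").upper()  # HijackThis and SmitFraudFix differ in case
        servers = parse_servers(m.group("servers"))
        if m.group("vname").lower() == "dhcpnameserver":
            dhcp[key] = servers
        else:
            static[key] = servers
    findings = []
    for key in sorted(static):
        rogue = [s for s in static[key] if is_rogue(s)]
        if rogue:
            findings.append(Finding(key, static[key], rogue, dhcp.get(key, [])))
    return findings


def rogue_resolvers(findings):
    """Distinct rogue resolver addresses, e.g. to alert on in firewall or DNS logs."""
    return sorted({s for f in findings for s in f.rogue_servers})


# Constructed sample, assembled from the report lines quoted in the thread.
SAMPLE_REPORT = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: DhcpNameServer=192.168.2.1 195.238.2.21
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer=85.255.113.147,85.255.112.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
"""

if __name__ == "__main__":
    results = scan_report(SAMPLE_REPORT)
    for f in results:
        note = "overrides DHCP" if f.overrides_dhcp else "no DHCP value recorded"
        print(f"{f.key}: rogue NameServer {', '.join(f.rogue_servers)} ({note})")
    print("alert on:", ", ".join(rogue_resolvers(results)))
```

A clean machine shows no static NameServer on the interface keys at all (only DhcpNameServer), which is exactly what the "DNS After Fix" section of the SmitFraudFix report above looks like.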
jlpjlp (Posts: 51580; Registered: Friday 18 May 2007; Status: Security contributor; Last activity: 3 May 2022) 5 040
29 Sept. 2008 at 17:58
Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.


Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)

Double-click combofix.exe and follow the instructions

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard

Copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
I have already used ComboFix following this procedure, but still the same problem...
Should I do it again anyway?
0
jlpjlp (Posts: 51580; Registered: Friday 18 May 2007; Status: Security contributor; Last activity: 3 May 2022) 5 040
Edited by Jeff on 3/07/2013 at 10:06
yes, to get the report


and paste a report from BitDefender Free
0
Sacabouffe (Posts: 9427; Registered: Sunday 19 August 2007; Status: Member; Last activity: 29 May 2009) 1 835
30 Sept. 2008 at 14:32
Hi

Here is olivier82's report.

ComboFix 08-09-28.03 - OSPRL 2008-09-30 12:24:37.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1087 [GMT 2:00]
Lancé depuis: C:\Users\OSPRL\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
30/09/2008 08:03 181,509 #NOM? C:\Users\OSPRL\AppData\Roaming\nvModes.dat
29/09/2008 07:27 691 #NOM? C:\Users\OSPRL\AppData\Roaming\GetValue.vbs
29/09/2008 07:27 35 #NOM? C:\Users\OSPRL\AppData\Roaming\SetValue.bat
29/09/2008 07:27 2,86 #NOM? C:\Windows\System32\tmp.reg
24/09/2008 18:36 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Download Manager
24/09/2008 18:36 --------- d-----w C:\Program Files\Cucusoft
24/09/2008 18:11 540,178 #NOM? C:\Windows\System32\x264vfw.dll
24/09/2008 18:11 --------- d-----w C:\Program Files\x264
24/09/2008 18:11 --------- d-----w C:\Program Files\WinASPI
24/09/2008 18:11 --------- d-----w C:\Program Files\neodivx2006
24/09/2008 18:11 --------- d-----w C:\Program Files\Morgan
24/09/2008 18:10 --------- d-----w C:\Program Files\XviD
24/09/2008 18:06 --------- d-----w C:\Program Files\YASAVideoEncoder
23/09/2008 19:18 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Malwarebytes
23/09/2008 19:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
23/09/2008 19:17 --------- d-----w C:\ProgramData\Malwarebytes
22/09/2008 09:26 --------- d-----w C:\Program Files\Trend Micro
21/09/2008 21:02 --------- d-----w C:\ProgramData\Lavasoft
21/09/2008 20:25 --------- d-----w C:\Program Files\Lavasoft
21/09/2008 16:36 --------- d-----w C:\ProgramData\Roxio
20/09/2008 07:37 --------- d-----w C:\Program Files\totalcmd
20/09/2008 07:35 --------- d-----w C:\Users\OSPRL\AppData\Roaming\GHISLER
19/09/2008 16:57 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Nero
19/09/2008 16:51 --------- d-----w C:\Program Files\Common Files\Nero
19/09/2008 16:42 --------- d-----w C:\ProgramData\Nero
19/09/2008 16:42 --------- d-----w C:\Program Files\Nero
19/09/2008 16:05 --------- d-----w C:\Users\OSPRL\AppData\Roaming\AVS4YOU
19/09/2008 16:04 --------- d-----w C:\Program Files\AVS4YOU
19/09/2008 15:17 --------- d-----w C:\ProgramData\AVS4YOU
19/09/2008 15:14 --------- d-----w C:\Program Files\Common Files\AVSMedia
11/09/2008 01:04 --------- d-----w C:\ProgramData\Microsoft Help
10/09/2008 16:14 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
10/09/2008 16:14 --------- d-----w C:\Program Files\iTunes
10/09/2008 16:13 --------- d-----w C:\Program Files\iPod
10/09/2008 16:11 --------- d-----w C:\Program Files\Bonjour
10/09/2008 16:10 --------- d-----w C:\Program Files\QuickTime
10/09/2008 16:09 --------- d-----w C:\Program Files\Common Files\Apple
9/09/2008 22:04 38,528 #NOM? C:\Windows\system32\drivers\mbamswissarmy.sys
9/09/2008 22:03 17,2 #NOM? C:\Windows\system32\drivers\mbam.sys
5/09/2008 20:16 36,864 #NOM? C:\Windows\system32\drivers\usbaapl.sys
5/09/2008 20:16 1,900,544 #NOM? C:\Windows\System32\usbaaplrc.dll
3/09/2008 14:19 92,25 #NOM? C:\Windows\System32\HKCU_GNU.reg
29/08/2008 08:18 87,336 #NOM? C:\Windows\System32\dns-sd.exe
29/08/2008 07:53 61,44 #NOM? C:\Windows\System32\dnssd.dll
20/08/2008 11:48 --------- d-----w C:\Program Files\WinAircrackPack
19/08/2008 01:02 --------- d-----w C:\Program Files\Microsoft Silverlight
15/08/2008 07:10 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Apple Computer
15/08/2008 01:16 --------- d-----w C:\Program Files\Windows Mail
9/08/2008 12:52 --------- d-----w C:\Program Files\Java
5/08/2008 11:15 --------- d-----w C:\Program Files\Apple Software Update
31/07/2008 03:34 537,6 #NOM? C:\Windows\AppPatch\AcLayers.dll
31/07/2008 03:34 449,536 #NOM? C:\Windows\AppPatch\AcSpecfc.dll
31/07/2008 03:34 28,16 #NOM? C:\Windows\System32\Apphlpdm.dll
31/07/2008 03:34 2,144,256 #NOM? C:\Windows\AppPatch\AcGenral.dll
31/07/2008 03:34 173,056 #NOM? C:\Windows\AppPatch\AcXtrnal.dll
31/07/2008 03:34 1,686,528 #NOM? C:\Windows\System32\gameux.dll
30/07/2008 23:47 4,247,552 #NOM? C:\Windows\System32\GameUXLegacyGDFs.dll
30/07/2008 23:32 2,56 #NOM? C:\Windows\AppPatch\AcRes.dll
29/07/2008 16:43 --------- d-----w C:\Program Files\Safari
19/07/2008 05:10 53,448 #NOM? C:\Windows\System32\wuauclt.exe
19/07/2008 05:10 45,768 #NOM? C:\Windows\System32\wups2.dll
19/07/2008 05:10 36,552 #NOM? C:\Windows\System32\wups.dll
19/07/2008 05:09 563,912 #NOM? C:\Windows\System32\wuapi.dll
19/07/2008 05:09 1,811,656 #NOM? C:\Windows\System32\wuaueng.dll
19/07/2008 03:44 83,456 #NOM? C:\Windows\System32\wudriver.dll
19/07/2008 03:44 1,524,736 #NOM? C:\Windows\System32\wucltux.dll
18/07/2008 20:08 163,904 #NOM? C:\Windows\System32\wuwebv.dll
18/07/2008 18:44 31,232 #NOM? C:\Windows\System32\wuapp.exe
15/07/2008 23:48 2,048 #NOM? C:\Windows\System32\tzres.dll
10/07/2008 07:18 174 #NOM? C:\Program Files\desktop.ini
27/06/2008 03:54 826,368 #NOM? C:\Windows\System32\wininet.dll
27/06/2008 03:54 56,32 #NOM? C:\Windows\System32\iesetup.dll
27/06/2008 03:54 52,736 #NOM? C:\Windows\AppPatch\iebrshim.dll
27/06/2008 03:54 26,624 #NOM? C:\Windows\System32\ieUnatt.exe
26/06/2008 00:34 7,964,672 #NOM? C:\Windows\System32\NlsLexicons0024.dll
26/06/2008 00:33 9,892,864 #NOM? C:\Windows\System32\NlsLexicons000a.dll
24/06/2008 14:06 972,072 #NOM? C:\Windows\UNNeroMediaHome.exe
19/06/2008 03:25 61,44 #NOM? C:\Windows\System32\winipsec.dll
19/06/2008 03:25 361,984 #NOM? C:\Windows\System32\IPSECSVC.DLL
19/06/2008 03:25 28,672 #NOM? C:\Windows\System32\FwRemoteSvr.dll
19/06/2008 03:25 272,896 #NOM? C:\Windows\System32\polstore.dll
17/06/2008 08:57 6,7 #NOM? C:\Windows\System32\HKLM_GNU.reg
15/06/2008 19:13 7,68 #NOM? C:\Windows\System32\ff_vfw.dll
15/06/2008 08:01 60,273 #NOM? C:\Windows\System32\pthreadGC2.dll
15/06/2008 08:01 258,352 #NOM? C:\Windows\System32\unicows.dll
6/06/2008 12:54 972,072 #NOM? C:\Windows\UNRecode.exe
6/06/2008 12:54 95,6 #NOM? C:\Windows\System32\NeroCo.dll
14/03/2008 11:49 82,456 #NOM? C:\Users\OSPRL\AppData\Roaming\GDIPFONTCACHEV1.DAT
25/02/2008 19:24 8 #NOM? C:\Users\OSPRL\AppData\Roaming\usb.dat.bin
12/12/2007 13:34 66 #NOM? C:\Users\OSPRL\fiat.bat
2/11/2006 08:55 54,784 #NOM? C:\Windows\inf\USBSTOR.SYS
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_18.09.33.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-23 13:09:51 2,048 #NOM? C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-30 08:01:41 2,048 #NOM? C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-23 13:09:51 2,048 #NOM? C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-30 08:01:41 2,048 #NOM? C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-23 13:12:15 262,144 #NOM? C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 08:04:06 262,144 #NOM? C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 08:04:06 262,144 #NOM? C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-23 14:22:49 262,144 #NOM? C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 08:04:01 262,144 #NOM? C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 08:04:01 262,144 #NOM? C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 1999-09-10 10:06:00 5,6 #NOM? C:\Windows\system\WINASPI.DLL
+ 1999-09-10 10:06:00 4,672 #NOM? C:\Windows\system\WOWPOST.EXE
+ 2002-03-26 07:19:42 23,04 #NOM? C:\Windows\System32\auth.dll
+ 2008-02-03 19:26:50 364,544 #NOM? C:\Windows\System32\cdg.dll
+ 2006-09-27 15:46:50 348,16 #NOM? C:\Windows\System32\cdga.dll
- 2008-09-23 13:10:05 16,384 #NOM? C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-30 08:19:29 16,384 #NOM? C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-23 13:10:05 32,768 #NOM? C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 08:19:29 32,768 #NOM? C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-23 13:10:05 16,384 #NOM? C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-30 08:19:29 16,384 #NOM? C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-23 15:42:12 262,144 #NOM? C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-30 10:23:43 262,144 #NOM? C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-30 10:23:43 262,144 #NOM? C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 1999-09-10 10:06:00 25,244 #NOM? C:\Windows\System32\drivers\Aspi32.sys
+ 2006-03-17 22:43:52 110,08 #NOM? C:\Windows\System32\nLame.dll
- 2008-09-23 11:35:18 121,566 #NOM? C:\Windows\System32\perfc009.dat
+ 2008-09-27 17:17:55 121,566 #NOM? C:\Windows\System32\perfc009.dat
- 2008-09-23 11:35:18 140,534 #NOM? C:\Windows\System32\perfc00C.dat
+ 2008-09-27 17:17:55 140,534 #NOM? C:\Windows\System32\perfc00C.dat
- 2008-09-23 11:35:18 656,85 #NOM? C:\Windows\System32\perfh009.dat
+ 2008-09-27 17:17:55 656,85 #NOM? C:\Windows\System32\perfh009.dat
- 2008-09-23 11:35:18 745,318 #NOM? C:\Windows\System32\perfh00C.dat
+ 2008-09-27 17:17:56 745,318 #NOM? C:\Windows\System32\perfh00C.dat
- 2008-09-23 13:12:28 8,83 #NOM? C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1916609487-658172136-3090119877-1000_UserData.bin
+ 2008-09-30 08:04:10 8,854 #NOM? C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1916609487-658172136-3090119877-1000_UserData.bin
- 2008-09-23 13:12:28 71,324 #NOM? C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 08:04:09 71,784 #NOM? C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-23 10:45:02 46,328 #NOM? C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 07:45:04 46,908 #NOM? C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 1999-09-10 10:06:00 45,056 #NOM? C:\Windows\System32\WNASPI32.DLL
- 2007-10-15 08:35:46 524,288 #NOM? C:\Windows\System32\xvidcore.dll
+ 2005-12-30 18:10:30 761,856 #NOM? C:\Windows\System32\xvidcore.dll
- 2007-10-15 08:35:46 139,264 #NOM? C:\Windows\System32\xvidvfw.dll
+ 2005-12-30 18:18:26 180,224 #NOM? C:\Windows\System32\xvidvfw.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))­)))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Voipwise="C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" [2008-07-01 8944944]
VoipBuster="C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-01-22 8811824]
Sidebar="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
AnyDVD="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-17 2137024]
ehTray.exe="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 118784]
ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
NvSvc="C:\Windows\system32\nvsvc.dll" [2007-06-28 86016]
NvCplDaemon="C:\Windows\system32\NvCpl.dll" [2007-06-28 8429568]
NvMediaCenter="C:\Windows\system32\NvMcTray.dll" [2007-06-28 81920]
eFax 4.3="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
AppleSyncNotifier="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
Picasa Media Detector="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

C:\Users\OSPRL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
EnableLUA= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
vidc.X264= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
AntiVirusDisableNotify="0x00000000"
UpdatesDisableNotify="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
{C6785C36-3B71-4EC6-8473-E9FD35A708F1}= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
{F91E9A76-826F-464F-B70C-A2A440EAA3E9}= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
{6D1A6EA4-DC8D-4E14-9B14-6C1A8755E8D1}= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
{AC304B5D-3631-46EC-8015-A41A697436A1}= UDP:C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe:Voipwise
{C3267B5F-F77C-4EBF-BF71-B432EB31BDCC}= TCP:C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe:Voipwise
{37390F1B-0470-4C70-8864-1DD51A320FC5}= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
{6EC2E35D-A881-4E75-887A-3ABDAE8FBB74}= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
TCP Query User{75EECD27-3553-42CD-B081-E9D40E9973F2}C:\\program files\\voipwise.com\\voipwise\\voipwise.exe= UDP:C:\program files\voipwise.com\voipwise\voipwise.exe:Client to make VoIP calls.
UDP Query User{2916290D-DD38-4896-A407-70C500B1882D}C:\\program files\\voipwise.com\\voipwise\\voipwise.exe= TCP:C:\program files\voipwise.com\voipwise\voipwise.exe:Client to make VoIP calls.
TCP Query User{6A9FE814-D9E7-4EA2-9514-26AF1B7516EE}C:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe= UDP:C:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
UDP Query User{4800EF6B-1E28-4B69-95C5-76BE41D43460}C:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe= TCP:C:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
{59D5C0B0-0C61-49A3-8FCB-5C36F0DA3636}= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
{7B55C39F-6D57-4E45-9274-CC87524307CC}= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
{EA70A2A6-A960-471B-BACA-414DD288FC80}= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
TCP Query User{DB06E0BF-32A5-4D4F-A01F-CBB38F229FB3}C:\\program files\\videolan\\vlc\\vlc.exe= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
UDP Query User{5E4DAE1D-4251-4539-9D48-C442EFA7CC43}C:\\program files\\videolan\\vlc\\vlc.exe= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
TCP Query User{C8FD741B-08FE-42EA-9738-EE4B73D19177}C:\\program files\\videolan\\vlc\\vlc.exe= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
UDP Query User{F08BBB75-1821-4D33-9638-C61E1F874716}C:\\program files\\videolan\\vlc\\vlc.exe= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
TCP Query User{A679E3E4-5286-4264-9CCC-ADD1DF8E8F93}C:\\program files\\adsltv\\adsltv.exe= UDP:C:\program files\adsltv\adsltv.exe:adsltv
UDP Query User{DAA848BD-E0A8-4E54-9A92-E45A38686B63}C:\\program files\\adsltv\\adsltv.exe= TCP:C:\program files\adsltv\adsltv.exe:adsltv
TCP Query User{736A22F0-315C-4618-8D3F-6607A477712F}C:\\program files\\dmv\\maxtv\\maxtv.exe= UDP:C:\program files\dmv\maxtv\maxtv.exe:MaxTV
UDP Query User{C57E2999-F982-4E13-9B04-60740F5D86F5}C:\\program files\\dmv\\maxtv\\maxtv.exe= TCP:C:\program files\dmv\maxtv\maxtv.exe:MaxTV
TCP Query User{7CDA2CB5-10F8-4A6D-AD3C-A30B68DD3061}C:\\users\\osprl\\appdata\\local\\temp\\rar$ex48.865\\friptv-0.15-win32\\friptv.exe= UDP:C:\users\osprl\appdata\local\temp\rar$ex48.865\friptv-0.15-win32\friptv.exe:friptv.exe
UDP Query User{97164465-C68E-4973-9F05-1A19809FDEF8}C:\\users\\osprl\\appdata\\local\\temp\\rar$ex48.865\\friptv-0.15-win32\\friptv.exe= TCP:C:\users\osprl\appdata\local\temp\rar$ex48.865\friptv-0.15-win32\friptv.exe:friptv.exe
TCP Query User{7A92D3CE-9128-4F88-A307-AF25EB5E8335}C:\\program files\\friptv\\frip\\friptv-0.15-win32\\friptv.exe= UDP:C:\program files\friptv\frip\friptv-0.15-win32\friptv.exe:friptv
UDP Query User{0E9FE07B-AC7A-4B1A-9494-AF30E578C750}C:\\program files\\friptv\\frip\\friptv-0.15-win32\\friptv.exe= TCP:C:\program files\friptv\frip\friptv-0.15-win32\friptv.exe:friptv
TCP Query User{5E1488B9-6948-40DD-AADD-6EF6DA1A3C6C}F:\\setup.exe= UDP:F:\setup.exe:Setup
UDP Query User{8C924E13-15A3-4CDB-9800-7017170E6A96}F:\\setup.exe= TCP:F:\setup.exe:Setup
TCP Query User{70A40D01-CC85-41BF-8C66-50A74E55B87E}C:\\program files\\neowise\\carbonftp\\carbonftp.exe= UDP:C:\program files\neowise\carbonftp\carbonftp.exe:Synchronization between local and FTP folder
UDP Query User{EC965B43-247B-45CD-891F-E0880DCAB20C}C:\\program files\\neowise\\carbonftp\\carbonftp.exe= TCP:C:\program files\neowise\carbonftp\carbonftp.exe:Synchronization between local and FTP folder
TCP Query User{F9D3ABE0-31BF-492C-B06E-E25847026323}C:\\program files\\globalscape\\cuteftp 8 home\\ftpte.exe= UDP:C:\program files\globalscape\cuteftp 8 home\ftpte.exe:FTP Transfer Engine
UDP Query User{336F2B2D-DF47-4A38-8871-7679AF1FF425}C:\\program files\\globalscape\\cuteftp 8 home\\ftpte.exe= TCP:C:\program files\globalscape\cuteftp 8 home\ftpte.exe:FTP Transfer Engine
{51BF9E32-05AC-4AB9-B0EC-EA65EAF36EF6}= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{D0260E61-74CB-44F4-A58C-C027D0A3F2F6}= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{F35AB971-8B25-4679-8B67-6921D7F874BD}= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
{51F75D76-A950-4076-B186-1728349D8999}= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
{2C4E9E04-B981-4C12-BD18-EFC4004A2662}= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{1E83D953-349B-4061-ADEF-7FFFBAABEE92}= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{D7E8E2BD-1862-432B-9084-265B15275FD3}= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
{B9DBC096-E542-4FAF-976F-373BEB84CE4B}= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
DFSR-1= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-19 240128]
S2 Windows Tribute Service;Windows Tribute Service;C:\Windows\system32\kdiid.exe [2007-11-19 53760]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-07-03 80936]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-03 98608]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-03 17712]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee7e4f70-db22-11dc-bf54-001a8016ef67}]
\shell\AutoRun\command - G:\EXPLORER.EXE
\shell\explore\Command - G:\EXPLORER.EXE
\shell\open\Command - G:\EXPLORER.EXE
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Envoyer l'image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O17 -: HKLM\CCS\Interface\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O17 -: HKLM\CCS\Interface\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 12:38:15
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Windows\system32\kdiid.exe 53760 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2008-09-30 13:51:53
ComboFix-quarantined-files.txt 2008-09-30 11:51:34
ComboFix2.txt 2008-09-23 16:13:21

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 59,159,408,640 octets libres

302 --- E O F --- 19/09/2008 06:10

Good luck ;-)
0
jlpjlp (Posts: 51580; Registered: Friday 18 May 2007; Status: Security contributor; Last activity: 3 May 2022) 5 040
30 Sept. 2008 at 15:12
ok, paste a BitDefender report and try this to see

* Go to Start > Control Panel > Connections > right-click the connection > Properties > Networking tab
* Highlight Internet Protocol (TCP/IP), then click the Properties button.
* In the options (preferred DNS server and alternate DNS server) you will find one of the addresses present in the HijackThis report on the O17 line (example: 85.255.116.37 85.255.112.85)
* To remove them, check: Obtain DNS server address automatically, then click OK twice and restart the PC. Thanks to Incognito02 for this tip
0
jlpjlp (Posts: 51580; Registered: Friday 18 May 2007; Status: Security contributor; Last activity: 3 May 2022) 5 040
30 Sept. 2008 at 15:56
after BitDefender Free:

we'll try something (thanks sKe69): do everything!!! in order

0/ fix the O17 lines with HijackThis

1/

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Windows\system32\kdiid.exe

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

_____________

2/
remove the Windows Tribute Service service:

https://www.pcastuces.com/pratique/windows/services/page2.htm

then

https://www.pcastuces.com/pratique/windows/services/page3.htm

______________

3/

SmitFraudFix (paste the report)

restart in safe mode (by pressing F8 or Del, or F5 at startup, as a rule), then launch SmitFraudFix, select option 5 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter

___________________

4/ fix these lines with HijackThis if present

O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdiid.exe

_____________________

5/
* Go to Start > Control Panel > Connections > right-click the connection > Properties > Networking tab
* Highlight Internet Protocol (TCP/IP), then click the Properties button.
* In the options (preferred DNS server and alternate DNS server) you will find one of the addresses present in the HijackThis report on the O17 line (example: 85.255.116.37 85.255.112.85)
* To remove them, check: Obtain DNS server address automatically, then click OK twice and restart the PC. Thanks to Incognito02 for this tip

______________________

post another HijackThis report to check and describe your current problems
0
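The checks jlpjlp walks through by hand (O17 NameServer entries pointing at the 85.255.x.x resolvers, the "Unknown owner" service kdiid.exe in system32, and the file catchme reports as hidden) can be applied mechanically to a HijackThis or ComboFix log. The following Python triage script is an added example, not code from this thread or from the HijackThis/ComboFix authors. It assumes an expected-resolver list (192.168.1.1 here, standing in for the company's DNS) and a constructed watch-list prefix, 85.255.112.0/20, chosen only because it contains all four rogue addresses quoted in the thread; the sample lines are copied from the logs above.

```python
"""Triage of HijackThis / ComboFix log lines for the DNS-changer pattern in this
thread: rogue O17 NameServer entries, an "Unknown owner" service in system32 and
a file that catchme reports as hidden.

Added example, not code from the thread or from HijackThis/ComboFix. The sample
lines are copied from the thread; the resolver lists are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed: the resolvers this machine is expected to use (e.g. the company
# DNS). A static NameServer pointing anywhere else deserves a look.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# Constructed watch-list: one /20 that contains all four rogue addresses quoted
# in the thread (85.255.113.147, 85.255.112.138, 85.255.116.37, 85.255.112.85).
WATCHLIST = (ipaddress.ip_network("85.255.112.0/20"),)

# HijackThis: "O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b"
# ComboFix:   "O17 -: HKLM\CCS\Interface\{GUID}: NameServer = a,b"
O17_RE = re.compile(r"^O17 -:? (?P<key>.+?): NameServer = (?P<servers>.+)$")
# "O23 - Service: <display name> - <company, or 'Unknown owner'> - <binary path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# catchme: "<path> <size> bytes executable" under the hidden-files section
HIDDEN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) (?P<size>\d+) bytes executable$")


@dataclass(frozen=True)
class Finding:
    kind: str     # rogue-dns | static-dns | unknown-service | hidden-file
    subject: str  # interface key, service display name or file path
    detail: str


def classify_resolver(addr: str) -> str:
    """'expected', 'watchlist' or 'unlisted' for a single resolver address."""
    ip = ipaddress.ip_address(addr.strip())
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    if any(ip in net for net in WATCHLIST):
        return "watchlist"
    return "unlisted"


def triage(lines):
    """Return a list of Finding objects, in the order the lines appear."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            addrs = [a for a in re.split(r"[,\s]+", m.group("servers")) if a]
            verdicts = {a: classify_resolver(a) for a in addrs}
            summary = ", ".join(f"{a} ({v})" for a, v in verdicts.items())
            if "watchlist" in verdicts.values():
                findings.append(Finding("rogue-dns", m.group("key"), summary))
            elif "unlisted" in verdicts.values():
                findings.append(Finding("static-dns", m.group("key"), summary))
            continue
        m = O23_RE.match(line)
        if m:
            # HijackThis prints "Unknown owner" when the binary carries no company
            # name; that plus a system32 location is the kdiid.exe pattern.
            in_system32 = "\\windows\\system32\\" in m.group("path").lower()
            if m.group("owner") == "Unknown owner" and in_system32:
                findings.append(Finding("unknown-service", m.group("name"),
                                        "no company name, runs from " + m.group("path")))
            continue
        m = HIDDEN_RE.match(line)
        if m:
            findings.append(Finding("hidden-file", m.group("path"),
                                    m.group("size") + " bytes, hidden from normal directory listing"))
    return findings


# Sample lines copied from the thread (HijackThis O17/O23 and catchme output).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138
O17 -: HKLM\CCS\Interface\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdiid.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
C:\Windows\system32\kdiid.exe 53760 bytes executable
""".strip().splitlines()


def report(lines=SAMPLE_LOG):
    """Triage the lines, print one row per finding and return the findings."""
    found = triage(lines)
    for f in found:
        print(f"[{f.kind}] {f.subject}: {f.detail}")
    return found


if __name__ == "__main__":
    report()
```

Run as-is it reports four findings: both O17 interfaces as rogue-dns, the Windows Tribute Service as unknown-service, and kdiid.exe as hidden-file; the Sony service with no company name is deliberately left alone because it does not live in system32, which keeps the heuristic from drowning in vendor noise. A full log can be fed in with `triage(open(path, encoding="latin-1").readlines())`; a watch-list hit on O17 together with an unknown-owner service in system32 is exactly the pairing that step 4 of the plan above removes.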
//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 30/09/2008 14:09:46
//
//-----------------------------------------------------------------


Statistics

Target path: C:\
Folders: 21833
Files: 552426
Memory processes scanned: 82
Archives: 145330
Packed files: 55881
Viruses found: 1
Infected files: 1
Infected memory processes: 0
Suspect files: 0
Warnings: 0
Disinfected files: 0
Deleted files: 0
Moved files: 1
I/O errors: 107
Scan time: 03:13:23
Files/second: 47

Spyware statistics

Registry entries scanned: 444
Registry entries infected: 0
Cookies scanned: 507
Cookies infected: 0
Infected spyware files: 0
Spyware threats detected: 0


Virus definitions: 973973
Scan plugins: 16
Archive plugins: 41
Unpacking plugins: 7
Mail plugins: 6
System plugins: 5

Scan options

Detection
[X] Scan boot sector
[X] Memory processes
[ ] Scan archives
[X] Scan packed files
[X] Scan mail

File mask
[ ] Programs
[X] All files
[ ] User-defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Quarantine
[ ] Prompt for action

Second action
[ ] Ignore
[ ] Delete
[X] Quarantine
[ ] Prompt for action

Scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in the log
[X] Log file: C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\full_scan\1222776586.log

Spyware scan options

[X] Scan for non-viral risks
[ ] Exclude dialers and applications from the scan
[X] Registry keys
[X] Cookies


Summary:

C:\Program Files\WinAircrackPack\aircrack.exe Infected: Trojan.NTPacker
C:\Program Files\WinAircrackPack\aircrack.exe Disinfection failed
C:\Program Files\WinAircrackPack\aircrack.exe Moved
jlpjlp (security contributor), 30 Sept 2008 at 17:35
OK, take it out of quarantine, then move on to the next step.
I took the file out of quarantine...

On the other hand, it is impossible to stop the Windows Tribute Service; still the same error message:

Windows could not open the Windows Tribute Service service for reading on Local Computer
Error 1060: The specified service does not exist as an installed service
jlpjlp (security contributor), 30 Sept 2008 at 19:08
Did you run ComboFix??? Paste us the report.


You have to do everything, in order, and paste the reports that were asked for.
Sacabouffe (member), 30 Sept 2008 at 19:26
Hi

Here is olivier82's message:

Here is the ComboFix report for point 1

ComboFix 08-09-28.05 - OSPRL 2008-09-30 17:48:19.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.982 [GMT 2:00]
Run from: C:\Users\OSPRL\Desktop\ComboFix.exe
Command switches used :: C:\Users\OSPRL\Desktop\CFscript.txt
* A new restore point was created

FILE ::
C:\Windows\system32\kdiid.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\OSPRL\AppData\Roaming\Microsoft\Windows\Cookies\osprl@tradedoubler[2].txt

.
((((((((((((((((((((((((((((( Files created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

No new files created in this period

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
30/09/2008 15:56 81,984 C:\Windows\System32\bdod.bin
30/09/2008 13:37 --------- d-----w C:\ProgramData\Roxio
30/09/2008 13:14 --------- d-----w C:\Program Files\WinAircrackPack
30/09/2008 12:02 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Bitdefender
30/09/2008 12:01 --------- d-----w C:\ProgramData\BitDefender
30/09/2008 12:00 --------- d-----w C:\Program Files\Softwin
30/09/2008 12:00 --------- d-----w C:\Program Files\Common Files\Softwin
30/09/2008 08:03 181,509 C:\Users\OSPRL\AppData\Roaming\nvModes.dat
29/09/2008 07:27 691 C:\Users\OSPRL\AppData\Roaming\GetValue.vbs
29/09/2008 07:27 35 C:\Users\OSPRL\AppData\Roaming\SetValue.bat
29/09/2008 07:27 2,86 C:\Windows\System32\tmp.reg
24/09/2008 18:36 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Download Manager
24/09/2008 18:36 --------- d-----w C:\Program Files\Cucusoft
24/09/2008 18:11 540,178 C:\Windows\System32\x264vfw.dll
24/09/2008 18:11 --------- d-----w C:\Program Files\x264
24/09/2008 18:11 --------- d-----w C:\Program Files\WinASPI
24/09/2008 18:11 --------- d-----w C:\Program Files\neodivx2006
24/09/2008 18:11 --------- d-----w C:\Program Files\Morgan
24/09/2008 18:10 --------- d-----w C:\Program Files\XviD
24/09/2008 18:06 --------- d-----w C:\Program Files\YASAVideoEncoder
23/09/2008 19:18 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Malwarebytes
23/09/2008 19:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
23/09/2008 19:17 --------- d-----w C:\ProgramData\Malwarebytes
22/09/2008 09:26 --------- d-----w C:\Program Files\Trend Micro
21/09/2008 21:02 --------- d-----w C:\ProgramData\Lavasoft
21/09/2008 20:25 --------- d-----w C:\Program Files\Lavasoft
20/09/2008 07:37 --------- d-----w C:\Program Files\totalcmd
20/09/2008 07:35 --------- d-----w C:\Users\OSPRL\AppData\Roaming\GHISLER
19/09/2008 16:57 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Nero
19/09/2008 16:51 --------- d-----w C:\Program Files\Common Files\Nero
19/09/2008 16:42 --------- d-----w C:\ProgramData\Nero
19/09/2008 16:42 --------- d-----w C:\Program Files\Nero
19/09/2008 16:05 --------- d-----w C:\Users\OSPRL\AppData\Roaming\AVS4YOU
19/09/2008 16:04 --------- d-----w C:\Program Files\AVS4YOU
19/09/2008 15:17 --------- d-----w C:\ProgramData\AVS4YOU
19/09/2008 15:14 --------- d-----w C:\Program Files\Common Files\AVSMedia
11/09/2008 01:04 --------- d-----w C:\ProgramData\Microsoft Help
10/09/2008 16:14 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
10/09/2008 16:14 --------- d-----w C:\Program Files\iTunes
10/09/2008 16:13 --------- d-----w C:\Program Files\iPod
10/09/2008 16:11 --------- d-----w C:\Program Files\Bonjour
10/09/2008 16:10 --------- d-----w C:\Program Files\QuickTime
10/09/2008 16:09 --------- d-----w C:\Program Files\Common Files\Apple
9/09/2008 22:04 38,528 C:\Windows\system32\drivers\mbamswissarmy.sys
9/09/2008 22:03 17,2 C:\Windows\system32\drivers\mbam.sys
5/09/2008 20:16 36,864 C:\Windows\system32\drivers\usbaapl.sys
5/09/2008 20:16 1,900,544 C:\Windows\System32\usbaaplrc.dll
3/09/2008 14:19 92,25 C:\Windows\System32\HKCU_GNU.reg
29/08/2008 08:18 87,336 C:\Windows\System32\dns-sd.exe
29/08/2008 07:53 61,44 C:\Windows\System32\dnssd.dll
19/08/2008 01:02 --------- d-----w C:\Program Files\Microsoft Silverlight
15/08/2008 07:10 --------- d-----w C:\Users\OSPRL\AppData\Roaming\Apple Computer
15/08/2008 01:16 --------- d-----w C:\Program Files\Windows Mail
9/08/2008 12:52 --------- d-----w C:\Program Files\Java
5/08/2008 11:15 --------- d-----w C:\Program Files\Apple Software Update
31/07/2008 03:34 537,6 C:\Windows\AppPatch\AcLayers.dll
31/07/2008 03:34 449,536 C:\Windows\AppPatch\AcSpecfc.dll
31/07/2008 03:34 28,16 C:\Windows\System32\Apphlpdm.dll
31/07/2008 03:34 2,144,256 C:\Windows\AppPatch\AcGenral.dll
31/07/2008 03:34 173,056 C:\Windows\AppPatch\AcXtrnal.dll
31/07/2008 03:34 1,686,528 C:\Windows\System32\gameux.dll
30/07/2008 23:47 4,247,552 C:\Windows\System32\GameUXLegacyGDFs.dll
30/07/2008 23:32 2,56 C:\Windows\AppPatch\AcRes.dll
29/07/2008 16:43 --------- d-----w C:\Program Files\Safari
19/07/2008 05:10 53,448 C:\Windows\System32\wuauclt.exe
19/07/2008 05:10 45,768 C:\Windows\System32\wups2.dll
19/07/2008 05:10 36,552 C:\Windows\System32\wups.dll
19/07/2008 05:09 563,912 C:\Windows\System32\wuapi.dll
19/07/2008 05:09 1,811,656 C:\Windows\System32\wuaueng.dll
19/07/2008 03:44 83,456 C:\Windows\System32\wudriver.dll
19/07/2008 03:44 1,524,736 C:\Windows\System32\wucltux.dll
18/07/2008 20:08 163,904 C:\Windows\System32\wuwebv.dll
18/07/2008 18:44 31,232 C:\Windows\System32\wuapp.exe
15/07/2008 23:48 2,048 C:\Windows\System32\tzres.dll
10/07/2008 07:18 174 C:\Program Files\desktop.ini
27/06/2008 03:54 826,368 C:\Windows\System32\wininet.dll
27/06/2008 03:54 56,32 C:\Windows\System32\iesetup.dll
27/06/2008 03:54 52,736 C:\Windows\AppPatch\iebrshim.dll
27/06/2008 03:54 26,624 C:\Windows\System32\ieUnatt.exe
26/06/2008 00:34 7,964,672 C:\Windows\System32\NlsLexicons0024.dll
26/06/2008 00:33 9,892,864 C:\Windows\System32\NlsLexicons000a.dll
24/06/2008 14:06 972,072 C:\Windows\UNNeroMediaHome.exe
19/06/2008 03:25 61,44 C:\Windows\System32\winipsec.dll
19/06/2008 03:25 361,984 C:\Windows\System32\IPSECSVC.DLL
19/06/2008 03:25 28,672 C:\Windows\System32\FwRemoteSvr.dll
19/06/2008 03:25 272,896 C:\Windows\System32\polstore.dll
17/06/2008 08:57 6,7 C:\Windows\System32\HKLM_GNU.reg
15/06/2008 19:13 7,68 C:\Windows\System32\ff_vfw.dll
15/06/2008 08:01 60,273 C:\Windows\System32\pthreadGC2.dll
15/06/2008 08:01 258,352 C:\Windows\System32\unicows.dll
6/06/2008 12:54 972,072 C:\Windows\UNRecode.exe
6/06/2008 12:54 95,6 C:\Windows\System32\NeroCo.dll
14/03/2008 11:49 82,456 C:\Users\OSPRL\AppData\Roaming\GDIPFONTCACHEV1.DAT
25/02/2008 19:24 8 C:\Users\OSPRL\AppData\Roaming\usb.dat.bin
12/12/2007 13:34 66 C:\Users\OSPRL\fiat.bat
2/11/2006 08:55 54,784 C:\Windows\inf\USBSTOR.SYS
.

((((((((((((((((((((((((((((( snapshot_2008-09-30_13.47.48.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 12:01:39 61,44 C:\Windows\Installer\{CEFC581D-BEAE-4F75-989E-BD931970D8AD}\helpicon.exe
+ 2008-09-30 12:01:39 32,768 C:\Windows\Installer\{CEFC581D-BEAE-4F75-989E-BD931970D8AD}\maintenance_icon.exe
+ 2008-09-30 12:01:39 22,486 C:\Windows\Installer\{CEFC581D-BEAE-4F75-989E-BD931970D8AD}\register_icon.exe
+ 2008-09-30 12:01:39 57,344 C:\Windows\Installer\{CEFC581D-BEAE-4F75-989E-BD931970D8AD}\texticon.exe
- 2008-09-30 08:01:41 2,048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-30 12:04:11 2,048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-30 08:01:41 2,048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-30 12:04:11 2,048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-30 08:04:06 262,144 C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 12:07:37 262,144 C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-30 08:04:01 262,144 C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 12:07:29 262,144 C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-30 08:19:29 16,384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-30 15:31:47 16,384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-30 08:19:29 32,768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 15:31:47 32,768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-30 08:19:29 16,384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-30 15:31:47 16,384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 10:23:43 262,144 C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-30 15:46:54 262,144 C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-30 15:46:54 262,144 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2007-02-27 17:36:14 974,848 C:\Windows\System32\mfc70.dll
+ 2002-01-05 01:48:16 974,848 C:\Windows\System32\mfc70.dll
- 2007-02-07 00:20:00 964,608 C:\Windows\System32\mfc70u.dll
+ 2002-01-05 01:36:38 964,608 C:\Windows\System32\mfc70u.dll
- 2007-07-16 13:04:24 1,060,864 C:\Windows\System32\mfc71.dll
+ 2003-03-18 19:20:00 1,060,864 C:\Windows\System32\mfc71.dll
- 2007-07-16 13:04:30 1,047,552 C:\Windows\System32\mfc71u.dll
+ 2003-03-18 19:12:12 1,047,552 C:\Windows\System32\mfc71u.dll
+ 2002-01-05 01:38:38 54,784 C:\Windows\System32\msvci70.dll
- 2007-02-07 00:20:01 487,424 C:\Windows\System32\msvcp70.dll
+ 2002-01-05 01:40:20 487,424 C:\Windows\System32\msvcp70.dll
- 2007-07-16 13:04:30 499,712 C:\Windows\System32\msvcp71.dll
+ 2003-03-18 18:14:52 499,712 C:\Windows\System32\msvcp71.dll
- 2007-02-07 00:20:01 344,064 C:\Windows\System32\msvcr70.dll
+ 2002-01-05 00:37:28 344,064 C:\Windows\System32\msvcr70.dll
- 2007-07-16 13:04:36 348,16 C:\Windows\System32\msvcr71.dll
+ 2003-02-21 02:42:22 348,16 C:\Windows\System32\msvcr71.dll
- 2008-09-27 17:17:55 121,566 C:\Windows\System32\perfc009.dat
+ 2008-09-30 13:20:59 121,566 C:\Windows\System32\perfc009.dat
- 2008-09-27 17:17:55 140,534 C:\Windows\System32\perfc00C.dat
+ 2008-09-30 13:20:59 140,534 C:\Windows\System32\perfc00C.dat
- 2008-09-27 17:17:55 656,85 C:\Windows\System32\perfh009.dat
+ 2008-09-30 13:20:59 656,85 C:\Windows\System32\perfh009.dat
- 2008-09-27 17:17:56 745,318 C:\Windows\System32\perfh00C.dat
+ 2008-09-30 13:20:59 745,318 C:\Windows\System32\perfh00C.dat
+ 2006-12-22 15:54:02 61,44 C:\Windows\System32\sockspy.dll
- 2008-09-30 08:04:10 8,854 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1916609487-658172136-3090119877-1000_UserData.bin
+ 2008-09-30 12:07:44 8,854 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1916609487-658172136-3090119877-1000_UserData.bin
- 2008-09-30 08:04:09 71,784 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 12:07:43 71,808 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-30 07:45:04 46,908 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 12:07:22 48,464 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-08-22 14:08:52 77,824 C:\Windows\System32\xcomm.dll
+ 2007-01-31 12:50:32 913,408 C:\Windows\System32\xreglib.dll
.
-- Snapshot updated --
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Voipwise="C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" [2008-07-01 8944944]
VoipBuster="C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-01-22 8811824]
Sidebar="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
AnyDVD="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-17 2137024]
ehTray.exe="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 118784]
ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
NvSvc="C:\Windows\system32\nvsvc.dll" [2007-06-28 86016]
NvCplDaemon="C:\Windows\system32\NvCpl.dll" [2007-06-28 8429568]
NvMediaCenter="C:\Windows\system32\NvMcTray.dll" [2007-06-28 81920]
eFax 4.3="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
AppleSyncNotifier="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
BDMCon="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
BDAgent="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
Picasa Media Detector="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

C:\Users\OSPRL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
EnableLUA= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
vidc.X264= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
AntiVirusDisableNotify="0x00000000"
UpdatesDisableNotify="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
{C6785C36-3B71-4EC6-8473-E9FD35A708F1}= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
{F91E9A76-826F-464F-B70C-A2A440EAA3E9}= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
{6D1A6EA4-DC8D-4E14-9B14-6C1A8755E8D1}= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
{AC304B5D-3631-46EC-8015-A41A697436A1}= UDP:C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe:Voipwise
{C3267B5F-F77C-4EBF-BF71-B432EB31BDCC}= TCP:C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe:Voipwise
{37390F1B-0470-4C70-8864-1DD51A320FC5}= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
{6EC2E35D-A881-4E75-887A-3ABDAE8FBB74}= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
TCP Query User{75EECD27-3553-42CD-B081-E9D40E9973F2}C:\\program files\\voipwise.com\\voipwise\\voipwise.exe= UDP:C:\program files\voipwise.com\voipwise\voipwise.exe:Client to make VoIP calls.
UDP Query User{2916290D-DD38-4896-A407-70C500B1882D}C:\\program files\\voipwise.com\\voipwise\\voipwise.exe= TCP:C:\program files\voipwise.com\voipwise\voipwise.exe:Client to make VoIP calls.
TCP Query User{6A9FE814-D9E7-4EA2-9514-26AF1B7516EE}C:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe= UDP:C:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
UDP Query User{4800EF6B-1E28-4B69-95C5-76BE41D43460}C:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe= TCP:C:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
{59D5C0B0-0C61-49A3-8FCB-5C36F0DA3636}= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
{7B55C39F-6D57-4E45-9274-CC87524307CC}= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
{EA70A2A6-A960-471B-BACA-414DD288FC80}= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
TCP Query User{DB06E0BF-32A5-4D4F-A01F-CBB38F229FB3}C:\\program files\\videolan\\vlc\\vlc.exe= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
UDP Query User{5E4DAE1D-4251-4539-9D48-C442EFA7CC43}C:\\program files\\videolan\\vlc\\vlc.exe= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
TCP Query User{C8FD741B-08FE-42EA-9738-EE4B73D19177}C:\\program files\\videolan\\vlc\\vlc.exe= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
UDP Query User{F08BBB75-1821-4D33-9638-C61E1F874716}C:\\program files\\videolan\\vlc\\vlc.exe= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
TCP Query User{A679E3E4-5286-4264-9CCC-ADD1DF8E8F93}C:\\program files\\adsltv\\adsltv.exe= UDP:C:\program files\adsltv\adsltv.exe:adsltv
UDP Query User{DAA848BD-E0A8-4E54-9A92-E45A38686B63}C:\\program files\\adsltv\\adsltv.exe= TCP:C:\program files\adsltv\adsltv.exe:adsltv
TCP Query User{736A22F0-315C-4618-8D3F-6607A477712F}C:\\program files\\dmv\\maxtv\\maxtv.exe= UDP:C:\program files\dmv\maxtv\maxtv.exe:MaxTV
UDP Query User{C57E2999-F982-4E13-9B04-60740F5D86F5}C:\\program files\\dmv\\maxtv\\maxtv.exe= TCP:C:\program files\dmv\maxtv\maxtv.exe:MaxTV
TCP Query User{7CDA2CB5-10F8-4A6D-AD3C-A30B68DD3061}C:\\users\\osprl\\appdata\\local\\temp\\rar$ex48.865\\friptv-0.15-win32\\friptv.exe= UDP:C:\users\osprl\appdata\local\temp\rar$ex48.865\friptv-0.15-win32\friptv.exe:friptv.exe
UDP Query User{97164465-C68E-4973-9F05-1A19809FDEF8}C:\\users\\osprl\\appdata\\local\\temp\\rar$ex48.865\\friptv-0.15-win32\\friptv.exe= TCP:C:\users\osprl\appdata\local\temp\rar$ex48.865\friptv-0.15-win32\friptv.exe:friptv.exe
TCP Query User{7A92D3CE-9128-4F88-A307-AF25EB5E8335}C:\\program files\\friptv\\frip\\friptv-0.15-win32\\friptv.exe= UDP:C:\program files\friptv\frip\friptv-0.15-win32\friptv.exe:friptv
UDP Query User{0E9FE07B-AC7A-4B1A-9494-AF30E578C750}C:\\program files\\friptv\\frip\\friptv-0.15-win32\\friptv.exe= TCP:C:\program files\friptv\frip\friptv-0.15-win32\friptv.exe:friptv
TCP Query User{5E1488B9-6948-40DD-AADD-6EF6DA1A3C6C}F:\\setup.exe= UDP:F:\setup.exe:Setup
UDP Query User{8C924E13-15A3-4CDB-9800-7017170E6A96}F:\\setup.exe= TCP:F:\setup.exe:Setup
TCP Query User{70A40D01-CC85-41BF-8C66-50A74E55B87E}C:\\program files\\neowise\\carbonftp\\carbonftp.exe= UDP:C:\program files\neowise\carbonftp\carbonftp.exe:Synchronization between local and FTP folder
UDP Query User{EC965B43-247B-45CD-891F-E0880DCAB20C}C:\\program files\\neowise\\carbonftp\\carbonftp.exe= TCP:C:\program files\neowise\carbonftp\carbonftp.exe:Synchronization between local and FTP folder
TCP Query User{F9D3ABE0-31BF-492C-B06E-E25847026323}C:\\program files\\globalscape\\cuteftp 8 home\\ftpte.exe= UDP:C:\program files\globalscape\cuteftp 8 home\ftpte.exe:FTP Transfer Engine
UDP Query User{336F2B2D-DF47-4A38-8871-7679AF1FF425}C:\\program files\\globalscape\\cuteftp 8 home\\ftpte.exe= TCP:C:\program files\globalscape\cuteftp 8 home\ftpte.exe:FTP Transfer Engine
{51BF9E32-05AC-4AB9-B0EC-EA65EAF36EF6}= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{D0260E61-74CB-44F4-A58C-C027D0A3F2F6}= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{F35AB971-8B25-4679-8B67-6921D7F874BD}= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
{51F75D76-A950-4076-B186-1728349D8999}= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
{2C4E9E04-B981-4C12-BD18-EFC4004A2662}= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{1E83D953-349B-4061-ADEF-7FFFBAABEE92}= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
{D7E8E2BD-1862-432B-9084-265B15275FD3}= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
{B9DBC096-E542-4FAF-976F-373BEB84CE4B}= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
DFSR-1= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-19 240128]
S2 Windows Tribute Service;Windows Tribute Service;C:\Windows\system32\kdiid.exe [2007-11-19 53760]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-07-03 80936]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-03 98608]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-03 17712]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee7e4f70-db22-11dc-bf54-001a8016ef67}]
\shell\AutoRun\command - G:\EXPLORER.EXE
\shell\explore\Command - G:\EXPLORER.EXE
\shell\open\Command - G:\EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 18:00:55
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...


C:\Windows\system32\kdiid.exe 53760 bytes executable

Scan completed successfully
Hidden files: 1

**************************************************************************
.
Completion time: 2008-09-30 18:11:58
ComboFix-quarantined-files.txt 2008-09-30 16:11:45
ComboFix2.txt 2008-09-30 11:51:59
ComboFix3.txt 2008-09-23 16:13:21

Pre-Run: The message text associated with number 0x2379 could not be found in the message file for Application.
Post-Run: 61,526,581,248 bytes free

317 --- E O F --- 19/09/2008 06:10

Good luck ;-)
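The most useful lines in the report above are the catchme ones: NTDLL's ZwQueryDirectoryFile is patched and kdiid.exe is reported as a hidden file, which is why the service shows up in the registry (the S2 line) yet the file is invisible in Explorer and the Service Control Manager claims the service does not exist. Detecting that kind of user-mode hook is a cross-view problem: enumerate the directory through the (possibly filtered) API, then open each name you expect to exist directly by path, and report anything that opens but was never listed. The script below is an added example, not catchme's or ComboFix's code. A filtered listdir stands in for the patched enumeration (an assumption, constructed for the demo), os.stat stands in for the direct open, the temporary "system32" with its stub files is constructed, and the candidate names are pulled from the two ComboFix service lines copied from the report above.

```python
"""Cross-view check for a file hidden from directory enumeration.

Added example for this thread, not catchme, ComboFix or any tool's code.
The report above shows a patched ZwQueryDirectoryFile and kdiid.exe as a
hidden file: enumeration is filtered, but opening the path by name works.
Here hooked_listdir simulates the patched enumeration (an assumption made
for the demo), os.stat plays the direct open, and the directory, its stub
files and the ComboFix service lines are constructed inputs.
"""
import os
import tempfile

HIDDEN_NAME = "kdiid.exe"  # name from the thread; the file made below is a stub


def hooked_listdir(path, hide=(HIDDEN_NAME,)):
    """Stand-in for enumeration through the patched ZwQueryDirectoryFile:
    names in `hide` are silently dropped from the listing."""
    hidden = {h.lower() for h in hide}
    return [n for n in os.listdir(path) if n.lower() not in hidden]


def candidates_from_combofix(lines):
    """Image file names from ComboFix service lines such as
    'S2 Windows Tribute Service;Windows Tribute Service;C:\\...\\kdiid.exe [date size]'.
    The registry is an independent view of what should exist on disk."""
    names = []
    for line in lines:
        parts = line.strip().split(";")
        tag = parts[0][:2]
        if len(parts) >= 3 and tag[:1] in "RS" and tag[1:].isdigit():
            image = parts[2].split(" [")[0]
            names.append(os.path.basename(image.replace("\\", "/")))
    return names


def cross_view(path, candidates, enumerate_fn=hooked_listdir):
    """Names that open by full path but are missing from the enumerated listing."""
    listed = {n.lower() for n in enumerate_fn(path)}
    hidden = []
    for name in candidates:
        try:
            os.stat(os.path.join(path, name))  # direct by-name access
        except FileNotFoundError:
            continue                           # genuinely absent: a different problem
        if name.lower() not in listed:
            hidden.append(name)
    return hidden


def demo(hooked=True):
    """Build a constructed system32 look-alike and run the comparison.
    With hooked=False the plain listing is used and nothing is reported."""
    lines = [
        "R2 regi;regi;C:\\Windows\\system32\\drivers\\regi.sys [2007-04-17 11032]",
        "S2 Windows Tribute Service;Windows Tribute Service;"
        "C:\\Windows\\system32\\kdiid.exe [2007-11-19 53760]",
    ]
    with tempfile.TemporaryDirectory() as sysdir:
        for name in ("kernel32.dll", HIDDEN_NAME, "svchost.exe"):
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(b"MZ")  # stub bytes, not a real executable
        fn = hooked_listdir if hooked else os.listdir
        return cross_view(sysdir, candidates_from_combofix(lines), fn)


if __name__ == "__main__":
    print(demo())        # ['kdiid.exe']
    print(demo(False))   # []
```

On a live machine the same comparison is only meaningful if the two views really are independent: a hook that patches every process's NTDLL filters both os.listdir and os.stat, which is why tools like catchme reach below the patched user-mode layer, and why the thread's advice is to delete the service and file from ComboFix rather than from Explorer.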
jlpjlp (security contributor), 30 Sept 2008 at 20:14
I got the script wrong :(

Do it again with this:


Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:




Driver::
Windows Tribute Service


File::
C:\Windows\system32\kdiid.exe





Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is here > C:\ComboFix.txt


_________________


Then move on to the next step.
I followed all the steps, here are the reports:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:02, on 30/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Voipwise.com\Voipwise\voipwise.exe
C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdiid.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
I finally managed to eradicate the problem by doing this:

download Avast antivirus

run a scan at machine start-up and delete the files it judges dangerous.

then go to Network Connections, TCP/IPv4 properties, and set "Obtain DNS server address automatically".

reboot and everything works properly again!!!
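The O17 line in the log above is the whole story: the interface {F234CAF1-A898-40E0-AA02-8AEA91FA4566} has a static NameServer value pointing at 85.255.113.147 and 85.255.112.138 instead of the resolvers handed out by DHCP, so every lookup goes to a server the attacker controls. The practical check, both before cleaning and after the boot scan and DHCP reset described in the last post, is to pull every O17 NameServer entry out of a HijackThis log and compare it with the resolvers the machine is supposed to use. The script below is an added example written for this thread, not code from HijackThis or from the poster. It embeds two constructed sample lines (the first is the O17 entry from the log above, the second a made-up benign interface) and an assumed allowlist of corporate resolvers; replace EXPECTED_RESOLVERS with what your own DHCP server actually hands out.

```python
import re
from ipaddress import ip_address

# Constructed sample log. Line 1 is the O17 entry from the HijackThis log in this
# thread; line 2 is a made-up benign interface; line 3 is a non-O17 line that
# the parser must ignore.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{F234CAF1-A898-40E0-AA02-8AEA91FA4566}: NameServer = 85.255.113.147,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B2C3D4E-0000-0000-0000-000000000001}: NameServer = 10.1.1.53
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
"""

# Assumed: the resolvers this machine should be using (e.g. the company's DNS
# servers as handed out by DHCP). Anything else in an O17 entry is suspect.
EXPECTED_RESOLVERS = {ip_address("10.1.1.53"), ip_address("10.1.1.54")}

# HijackThis O17 format: "O17 - <registry key>: NameServer = ip[,ip...]"
O17_RE = re.compile(r"^O17 - (?P<key>\S+?): NameServer = (?P<servers>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_o17(log_text):
    """Return a list of (registry_key, [ip, ...]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        for token in m.group("servers").split(","):
            token = token.strip()
            try:
                servers.append(ip_address(token))
            except ValueError:
                # HijackThis occasionally lists non-IP values here; skip them
                continue
        entries.append((m.group("key"), servers))
    return entries


def interface_guid(key):
    """Extract the network interface GUID from the registry key, if present."""
    m = GUID_RE.search(key)
    return m.group(0) if m else None


def flag_rogue(entries, expected):
    """Return (key, guid, [unexpected ips]) for each entry whose resolvers
    are not all in the expected set. An empty list means the log is clean."""
    findings = []
    for key, servers in entries:
        unexpected = [ip for ip in servers if ip not in expected]
        if unexpected:
            findings.append((key, interface_guid(key), unexpected))
    return findings


if __name__ == "__main__":
    for key, guid, ips in flag_rogue(parse_o17(SAMPLE_LOG), EXPECTED_RESOLVERS):
        print(f"rogue NameServer on interface {guid}: {', '.join(map(str, ips))}")
```

Run it against a fresh HijackThis log after the cleanup: if the interface GUID still comes back with the 85.255.x.x resolvers, the setting was rewritten again and the component that re-applies it is still on the machine, which is exactly the "it keeps coming back" symptom from the first post; fixing the O17 line alone was never going to hold.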