pb avec spyware

Question

Bonjour,
j ai telecharge deux logiciels d internet et je me suis apercu que j ai chope bcq d adware que j ai arrive a suprimer cependant  y a un antispyware 2009 et antivirus qui me derangent tout le temp en m proposant un gratuit et tout ca comment je vais faire pour les eliminer

j i fait un rapport avec  hijackthis voila le resultat 
j espere votre aide et merci infiniment

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:45, on 29/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Windows\System32undll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32undll32.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\vaio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.03hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

jlpjlp · Answer

slt,


télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 



______________________

puis recolle un rapport hijakchtis

atlas121 · Answer

merci
et voila le rapport combofix
ComboFix 08-09-27.06 - vaio 2008-09-30 10:56:45.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1208 [GMT 1:00]
Lancé depuis: C:\Users\vaio\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0/u.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Windows\system32\1.ico
C:\Windows\system32\2.ico
C:\Windows\system32\opnlKBsR.dll
C:\Windows\system32\tuvTmMcb.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 10:54 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-09-30 00:04 . 2008-09-30 00:04 <REP> d-------- C:\Program Files\Driver-Soft
2008-09-30 00:04 . 2007-09-02 20:56 1,686,016 --a------ C:\Windows\System32\clinetsuitex6.ocx
2008-09-30 00:04 . 2004-06-14 14:56 427,864 --a------ C:\Windows\System32\XceedZip.dll
2008-09-29 22:07 . 2007-06-12 04:04 2,267,368 --a------ C:\Windows\System32\Flash9d.ocx
2008-09-29 22:07 . 1998-06-24 00:00 115,016 --a------ C:\Windows\System32\MSINET.OCX
2008-09-29 22:06 . 2008-09-29 22:57 <REP> d-------- C:\Program Files\GVR
2008-09-29 22:06 . 1998-06-24 00:00 203,576 --a------ C:\Windows\System32\RICHTX32.OCX
2008-09-27 01:27 . 2008-09-27 10:03 <REP> d-------- C:\Program Files\Panda Security
2008-09-26 23:09 . 2008-09-26 23:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-26 21:06 . 2008-04-26 09:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-09-26 21:06 . 2008-04-26 09:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-09-26 21:06 . 2008-04-26 09:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-09-26 21:06 . 2008-04-12 04:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-09-26 21:06 . 2008-04-05 02:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-09-26 21:06 . 2008-04-05 04:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-09-26 20:38 . 2008-09-26 20:38 0 --ah----- C:\Windows\System32\drivers\Msft_User_UsbDr_01_00_00.Wdf
2008-09-26 20:31 . 2008-09-26 20:31 <REP> d-------- C:\PerfLogs
2008-09-26 15:06 . 2008-09-26 15:06 <REP> d-------- C:\Program Files\Spyware Nuker
2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\Users\Default.LOG2
2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\Users\Default.LOG1
2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\ProgramData.LOG2
2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\ProgramData.LOG1
2008-09-26 11:15 . 2008-09-26 14:57 <REP> d-------- C:\Users\vaio\AppData\Roaming\DMCache
2008-09-26 01:54 . 2008-09-26 01:54 <REP> d-------- C:\3gptemp
2008-09-26 01:31 . 2008-09-26 01:31 <REP> d-------- C:\Program Files\MIKSOFT
2008-09-26 01:23 . 2008-09-26 01:25 <REP> d-------- C:\Users\vaio\AppData\Roaming\vlc
2008-09-26 01:21 . 2008-09-26 01:21 <REP> d-------- C:\Program Files\VideoLAN
2008-09-25 13:07 . 2008-07-19 06:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-25 13:07 . 2008-07-19 04:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-25 13:07 . 2008-07-19 06:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-25 13:07 . 2008-07-19 06:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-25 13:06 . 2008-07-19 06:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-25 13:06 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-25 13:06 . 2008-07-19 04:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-25 13:06 . 2008-07-19 06:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-25 13:06 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-22 20:13 . 2008-09-22 20:13 <REP> d-------- C:\Program Files\Real
2008-09-22 20:13 . 2008-09-22 20:13 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-09-22 20:13 . 2008-09-22 20:13 <REP> d-------- C:\Program Files\Common Files\Real
2008-09-22 13:11 . 2008-01-19 08:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-09-22 13:10 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-22 13:09 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-22 13:08 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-09-22 13:08 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-22 13:08 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-09-22 13:08 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-09-22 13:08 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-09-22 13:08 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-09-22 13:08 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-09-22 13:08 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-09-22 13:07 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-22 13:07 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-22 13:07 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-22 13:07 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-22 13:07 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-22 13:07 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-22 13:07 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-22 13:07 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-09-11 11:03 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 11:03 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-11 11:01 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 00:04 . 2008-09-10 00:04 <REP> d-------- C:\Users\vaio\AppData\Roaming\Shareaza
2008-09-10 00:04 . 2008-09-10 00:04 <REP> d-------- C:\Program Files\Shareaza
2008-09-09 21:59 . 2008-09-09 21:59 <REP> d-------- C:\Windows\BDOSCAN8
2008-09-09 14:30 . 2008-09-09 19:15 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-09-09 14:30 . 2008-09-09 19:15 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-09-09 14:28 . 2008-09-09 14:28 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-09 14:28 . 2008-09-30 11:01 6,291,744 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-09 14:28 . 2008-09-30 02:46 86,096 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-09 14:15 . 2008-09-09 14:15 <REP> d-------- C:\kav
2008-09-09 13:14 . 2008-09-09 13:14 <REP> d-------- C:\Program Files\Sun
2008-09-01 00:05 . 2008-09-01 00:05 <REP> d-------- C:\Temp\Sony Corporation
2008-09-01 00:05 . 2008-09-01 00:05 <REP> d-------- C:\Temp
2008-08-13 10:04 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 22:48 . 2008-06-19 04:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-12 22:48 . 2008-01-19 08:36 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-12 22:48 . 2008-04-18 06:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 22:48 . 2008-01-19 08:36 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-12 22:48 . 2008-01-19 08:34 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-12 22:44 . 2008-06-27 02:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-12 22:44 . 2008-06-27 05:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-12 22:37 . 2008-04-10 06:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-07 19:24 . 2008-08-07 19:24 <REP> d-------- C:\Program Files\WinHTTrack
2008-08-01 08:31 . 2008-08-01 08:31 89,674 --a------ C:\Windows\WinVerCheck.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 09:34 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-09-26 19:42 174 --sha-w C:\Program Files\desktop.ini
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Mail
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Journal
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Defender
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Calendar
2008-09-26 19:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-26 19:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-26 14:06 67,645 ----a-w C:\Windows\system32\drivers\pshook11.sys
2008-09-26 11:01 48,872 ----a-w C:\Users\vaio\AppData\Roaming\nvModes.dat
2008-09-09 18:15 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-09-09 12:12 --------- d-----w C:\Program Files\Java
2008-08-31 23:05 --------- d-----w C:\ProgramData\Sony Corporation
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-13 10:56 988,216 ----a-w C:\Windows\System32\winload.exe
2008-06-13 10:56 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-06-13 10:56 615,992 ----a-w C:\Windows\System32\ci.dll
2008-06-13 10:56 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-13 10:56 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-06-13 10:56 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-13 10:56 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-06-13 10:56 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-06-13 10:56 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-13 10:56 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-13 10:55 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-06-13 10:55 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-06-13 10:55 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-13 10:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-13 10:54 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-06-12 09:56 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-08-17 13:28 28,190 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-25 29744]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 227840]
"SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" [2006-06-09 4060160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^vaio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
path=C:\Users\vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
backup=C:\Windows\pss\Audio Filter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 02:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
--a------ 2007-07-12 14:39 534392 C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--a------ 2008-09-26 11:38 253952 C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-02-12 12:37 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2007-06-11 17:27 317560 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-08-01 01:17 8429568 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-08-01 01:17 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-08-01 01:18 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd2]
--a------ 2007-04-13 13:52 307200 C:\Windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
--a------ 2006-06-09 17:11 4060160 C:\Program Files\Spyware Nuker\swnxt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-03-10 02:58 835584 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-22 20:13 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-06-26 01:39 1826816 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{701BCD01-FDE0-4149-BBB5-B5E090A574FA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{571EA047-575B-49C9-A2D0-77774AD34244}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C1E921B-B500-4D59-9C54-5A4D9084D2B3}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{36A08585-1A8A-46C7-B317-47085C9D2CC3}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{81DBAC01-40DB-45D2-8587-9035BF12493D}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E89DFED8-2083-423B-889A-763FF194A6B6}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F45DBE36-85D8-4B2C-B172-4001C3B3490B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{506405DD-0E73-4696-A0DB-293FCA93A1D8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1AB3172B-9B36-445D-A342-5F417A910327}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{6F7E4E4A-4111-48A9-8F32-B6DF98C7758D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{DB300A50-506F-4E3A-B3BF-468A828CC205}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{DEDB0801-02B0-4862-8A2A-07F43E0CD42F}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{194F92CC-9C5C-4718-8ACE-95E3DFB50187}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{18DB191D-4F7E-4E2A-B50B-0600EA96A4F3}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{6B1DFB02-5DCE-480C-A5BF-2A0296638ACE}"= UDP:C:\Windows\System32\ftp.exe:FileTransferProtocol
"{23087339-4A1F-4EE7-8C3A-CA0C47195E71}"= TCP:C:\Windows\System32\ftp.exe:FileTransferProtocol

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-13 246784]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-07-24 80936]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-24 98608]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-24 28464]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-24 17712]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-25 29744]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-19 576680]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 43904]
S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392]
S3 snpstd2;USB PC Camera (SN9C103);C:\Windows\system32\DRIVERS\snpstd2.sys [2007-03-29 343680]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-\YURF5F2.exe - C:\Windows\system32\YURF5F2.exe
HKCU-Run-\YURFF35.exe - C:\Windows\system32\YURFF35.exe
ShellExecuteHooks-{68A91F35-47DB-44D7-9D28-E67984E6DD79} - C:\Windows\system32\opnlKBsR.dll
MSConfigStartUp-7a32ff1d - C:\Users\vaio\AppData\Local\Temp\hhvsqpjj.dll
MSConfigStartUp-BM7901cc81 - C:\Users\vaio\AppData\Local\Temp\objwdtxw.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IDMan - C:\Users\vaio\AppData\Local\Temp\Rar$EX22.757\Crack_REA\IDMan.exe
MSConfigStartUp-MSServer - C:\Windows\system32\opnlKBsR.dll
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-Symantec PIF AlertEng - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-TQ566808 - F:\Setup.exe
MSConfigStartUp-tsnpstd - C:\Windows\tsnpstd.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O15 -: Trusted Zone: *.canalplay.com
O15 -: Trusted Zone: *.canalplay.com
O15 -: Trusted Zone: *.canalplusactive.com

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 11:01:06
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-30 11:03:13
ComboFix-quarantined-files.txt 2008-09-30 10:03:09

Avant-CF: 199ÿ296ÿ479ÿ232 octets libres
Après-CF: 199,453,192,192 octets libres

335 --- E O F --- 2008-09-27 08:48:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:45, on 29/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\vaio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

jlpjlp · Answer

scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 


___________


puis recolle un rapport hijakchits

jlpjlp · Answer

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll
C:\Windows\system32\YURF5F2.exe 
C:\Windows\system32\YURFF35.exe
C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll
C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll
C:\Users\vaio\AppData\Local\Temp\kefrptff.dll


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

jlpjlp · Answer

ok vire ce qui est en quarantaine dans malwarebyte antimalware


_______________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous si presentes et clic en bas sur "fix checked". 


O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b


_________________

verifie avec malwarebyte et kaspersky qu'il ne reste rien  et colle les rapports si des infections sont trouvées

___________________

encore des soucis

Pb avec spyware

5 réponses

Votre réponse

Newsletters