Pb avec spyware

atlas121 Messages postés 62 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j ai telecharge deux logiciels d internet et je me suis apercu que j ai chope bcq d adware que j ai arrive a suprimer cependant y a un antispyware 2009 et antivirus qui me derangent tout le temp en m proposant un gratuit et tout ca comment je vais faire pour les eliminer

j i fait un rapport avec hijackthis voila le resultat
j espere votre aide et merci infiniment

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:45, on 29/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\vaio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9773 bytes
Configuration: Windows Vista
Internet Explorer 7.0

5 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ______________________

    puis recolle un rapport hijakchtis
    -1
  2. atlas121 Messages postés 62 Statut Membre 1
     
    merci
    et voila le rapport combofix
    ComboFix 08-09-27.06 - vaio 2008-09-30 10:56:45.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1208 [GMT 1:00]
    Lancé depuis: C:\Users\vaio\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\MicroAV
    C:\Program Files\MicroAV\MicroAV.cpl
    C:\Program Files\MicroAV\MicroAV.exe
    C:\Program Files\MicroAV\MicroAV.ooo
    C:\Program Files\MicroAV\MicroAV1.dat
    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\[u]0/u.gif
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\1.ico
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\2.ico
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\5.exe
    C:\Program Files\PCHealthCenter\sc.html
    C:\Windows\system32\1.ico
    C:\Windows\system32\2.ico
    C:\Windows\system32\opnlKBsR.dll
    C:\Windows\system32\tuvTmMcb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-30 10:54 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
    2008-09-30 00:04 . 2008-09-30 00:04 <REP> d-------- C:\Program Files\Driver-Soft
    2008-09-30 00:04 . 2007-09-02 20:56 1,686,016 --a------ C:\Windows\System32\clinetsuitex6.ocx
    2008-09-30 00:04 . 2004-06-14 14:56 427,864 --a------ C:\Windows\System32\XceedZip.dll
    2008-09-29 22:07 . 2007-06-12 04:04 2,267,368 --a------ C:\Windows\System32\Flash9d.ocx
    2008-09-29 22:07 . 1998-06-24 00:00 115,016 --a------ C:\Windows\System32\MSINET.OCX
    2008-09-29 22:06 . 2008-09-29 22:57 <REP> d-------- C:\Program Files\GVR
    2008-09-29 22:06 . 1998-06-24 00:00 203,576 --a------ C:\Windows\System32\RICHTX32.OCX
    2008-09-27 01:27 . 2008-09-27 10:03 <REP> d-------- C:\Program Files\Panda Security
    2008-09-26 23:09 . 2008-09-26 23:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-09-26 21:06 . 2008-04-26 09:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-09-26 21:06 . 2008-04-26 09:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-09-26 21:06 . 2008-04-26 09:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-09-26 21:06 . 2008-04-12 04:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
    2008-09-26 21:06 . 2008-04-05 02:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
    2008-09-26 21:06 . 2008-04-05 04:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
    2008-09-26 20:38 . 2008-09-26 20:38 0 --ah----- C:\Windows\System32\drivers\Msft_User_UsbDr_01_00_00.Wdf
    2008-09-26 20:31 . 2008-09-26 20:31 <REP> d-------- C:\PerfLogs
    2008-09-26 15:06 . 2008-09-26 15:06 <REP> d-------- C:\Program Files\Spyware Nuker
    2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\Users\Default.LOG2
    2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\Users\Default.LOG1
    2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\ProgramData.LOG2
    2008-09-26 15:04 . 2008-09-26 15:04 0 --ah----- C:\ProgramData.LOG1
    2008-09-26 11:15 . 2008-09-26 14:57 <REP> d-------- C:\Users\vaio\AppData\Roaming\DMCache
    2008-09-26 01:54 . 2008-09-26 01:54 <REP> d-------- C:\3gptemp
    2008-09-26 01:31 . 2008-09-26 01:31 <REP> d-------- C:\Program Files\MIKSOFT
    2008-09-26 01:23 . 2008-09-26 01:25 <REP> d-------- C:\Users\vaio\AppData\Roaming\vlc
    2008-09-26 01:21 . 2008-09-26 01:21 <REP> d-------- C:\Program Files\VideoLAN
    2008-09-25 13:07 . 2008-07-19 06:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-09-25 13:07 . 2008-07-19 04:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-09-25 13:07 . 2008-07-19 06:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-09-25 13:07 . 2008-07-19 06:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-09-25 13:06 . 2008-07-19 06:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-09-25 13:06 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-09-25 13:06 . 2008-07-19 04:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-09-25 13:06 . 2008-07-19 06:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-09-25 13:06 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-09-22 20:13 . 2008-09-22 20:13 <REP> d-------- C:\Program Files\Real
    2008-09-22 20:13 . 2008-09-22 20:13 <REP> d-------- C:\Program Files\Common Files\xing shared
    2008-09-22 20:13 . 2008-09-22 20:13 <REP> d-------- C:\Program Files\Common Files\Real
    2008-09-22 13:11 . 2008-01-19 08:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
    2008-09-22 13:10 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
    2008-09-22 13:09 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-09-22 13:08 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-09-22 13:08 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-09-22 13:08 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-09-22 13:08 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
    2008-09-22 13:08 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
    2008-09-22 13:08 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
    2008-09-22 13:08 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
    2008-09-22 13:08 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-09-22 13:07 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-09-22 13:07 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-09-22 13:07 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-09-22 13:07 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-09-22 13:07 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-09-22 13:07 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-09-22 13:07 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-09-22 13:07 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-09-11 11:03 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-11 11:03 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-09-11 11:01 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
    2008-09-10 00:04 . 2008-09-10 00:04 <REP> d-------- C:\Users\vaio\AppData\Roaming\Shareaza
    2008-09-10 00:04 . 2008-09-10 00:04 <REP> d-------- C:\Program Files\Shareaza
    2008-09-09 21:59 . 2008-09-09 21:59 <REP> d-------- C:\Windows\BDOSCAN8
    2008-09-09 14:30 . 2008-09-09 19:15 96,976 --a------ C:\Windows\System32\drivers\klin.dat
    2008-09-09 14:30 . 2008-09-09 19:15 87,855 --a------ C:\Windows\System32\drivers\klick.dat
    2008-09-09 14:28 . 2008-09-09 14:28 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-09-09 14:28 . 2008-09-30 11:01 6,291,744 --ahs---- C:\Windows\System32\drivers\fidbox.dat
    2008-09-09 14:28 . 2008-09-30 02:46 86,096 --ahs---- C:\Windows\System32\drivers\fidbox.idx
    2008-09-09 14:15 . 2008-09-09 14:15 <REP> d-------- C:\kav
    2008-09-09 13:14 . 2008-09-09 13:14 <REP> d-------- C:\Program Files\Sun
    2008-09-01 00:05 . 2008-09-01 00:05 <REP> d-------- C:\Temp\Sony Corporation
    2008-09-01 00:05 . 2008-09-01 00:05 <REP> d-------- C:\Temp
    2008-08-13 10:04 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-12 22:48 . 2008-06-19 04:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-12 22:48 . 2008-01-19 08:36 272,896 --a------ C:\Windows\System32\polstore.dll
    2008-08-12 22:48 . 2008-04-18 06:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-12 22:48 . 2008-01-19 08:36 61,440 --a------ C:\Windows\System32\winipsec.dll
    2008-08-12 22:48 . 2008-01-19 08:34 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
    2008-08-12 22:44 . 2008-06-27 02:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-12 22:44 . 2008-06-27 05:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-12 22:37 . 2008-04-10 06:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-07 19:24 . 2008-08-07 19:24 <REP> d-------- C:\Program Files\WinHTTrack
    2008-08-01 08:31 . 2008-08-01 08:31 89,674 --a------ C:\Windows\WinVerCheck.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-30 09:34 --------- d-----w C:\ProgramData\Kaspersky Lab
    2008-09-26 19:42 174 --sha-w C:\Program Files\desktop.ini
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Sidebar
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Mail
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Journal
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Defender
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Collaboration
    2008-09-26 19:32 --------- d-----w C:\Program Files\Windows Calendar
    2008-09-26 19:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-09-26 19:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-09-26 14:06 67,645 ----a-w C:\Windows\system32\drivers\pshook11.sys
    2008-09-26 11:01 48,872 ----a-w C:\Users\vaio\AppData\Roaming\nvModes.dat
    2008-09-09 18:15 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
    2008-09-09 12:12 --------- d-----w C:\Program Files\Java
    2008-08-31 23:05 --------- d-----w C:\ProgramData\Sony Corporation
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
    2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-13 10:56 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-06-13 10:56 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-06-13 10:56 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-06-13 10:56 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-06-13 10:56 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-06-13 10:56 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-06-13 10:56 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-06-13 10:56 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-06-13 10:56 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-06-13 10:56 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-06-13 10:55 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-06-13 10:55 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-06-13 10:55 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-06-13 10:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-13 10:54 1,695,744 ----a-w C:\Windows\System32\gameux.dll
    2008-06-12 09:56 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2007-08-17 13:28 28,190 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-25 29744]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 227840]
    "SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" [2006-06-09 4060160]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-07-24 18:26 98304 C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
    backup=C:\Windows\pss\BTTray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^vaio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
    path=C:\Users\vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
    backup=C:\Windows\pss\Audio Filter.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 02:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
    --a------ 2007-07-12 14:39 534392 C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
    --a------ 2008-09-26 11:38 253952 C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    --a------ 2007-02-12 12:37 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    --a------ 2007-06-11 17:27 317560 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-08-01 01:17 8429568 C:\Windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-08-01 01:17 81920 C:\Windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    --a------ 2007-08-01 01:18 86016 C:\Windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd2]
    --a------ 2007-04-13 13:52 307200 C:\Windows\vsnpstd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
    --a------ 2006-06-09 17:11 4060160 C:\Program Files\Spyware Nuker\swnxt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2007-03-10 02:58 835584 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-09-22 20:13 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    --a------ 2007-06-26 01:39 1826816 C:\Windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{701BCD01-FDE0-4149-BBB5-B5E090A574FA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{571EA047-575B-49C9-A2D0-77774AD34244}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{3C1E921B-B500-4D59-9C54-5A4D9084D2B3}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{36A08585-1A8A-46C7-B317-47085C9D2CC3}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{81DBAC01-40DB-45D2-8587-9035BF12493D}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{E89DFED8-2083-423B-889A-763FF194A6B6}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{F45DBE36-85D8-4B2C-B172-4001C3B3490B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{506405DD-0E73-4696-A0DB-293FCA93A1D8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1AB3172B-9B36-445D-A342-5F417A910327}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{6F7E4E4A-4111-48A9-8F32-B6DF98C7758D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{DB300A50-506F-4E3A-B3BF-468A828CC205}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{DEDB0801-02B0-4862-8A2A-07F43E0CD42F}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{194F92CC-9C5C-4718-8ACE-95E3DFB50187}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{18DB191D-4F7E-4E2A-B50B-0600EA96A4F3}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{6B1DFB02-5DCE-480C-A5BF-2A0296638ACE}"= UDP:C:\Windows\System32\ftp.exe:FileTransferProtocol
    "{23087339-4A1F-4EE7-8C3A-CA0C47195E71}"= TCP:C:\Windows\System32\ftp.exe:FileTransferProtocol

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
    R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
    R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
    R3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-13 246784]
    S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
    S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-07-24 80936]
    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-24 98608]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-24 28464]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-24 17712]
    S3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-25 29744]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-19 576680]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 43904]
    S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392]
    S3 snpstd2;USB PC Camera (SN9C103);C:\Windows\system32\DRIVERS\snpstd2.sys [2007-03-29 343680]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\Autorun\Autorun.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-\YURF5F2.exe - C:\Windows\system32\YURF5F2.exe
    HKCU-Run-\YURFF35.exe - C:\Windows\system32\YURFF35.exe
    ShellExecuteHooks-{68A91F35-47DB-44D7-9D28-E67984E6DD79} - C:\Windows\system32\opnlKBsR.dll
    MSConfigStartUp-7a32ff1d - C:\Users\vaio\AppData\Local\Temp\hhvsqpjj.dll
    MSConfigStartUp-BM7901cc81 - C:\Users\vaio\AppData\Local\Temp\objwdtxw.dll
    MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-IDMan - C:\Users\vaio\AppData\Local\Temp\Rar$EX22.757\Crack_REA\IDMan.exe
    MSConfigStartUp-MSServer - C:\Windows\system32\opnlKBsR.dll
    MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    MSConfigStartUp-Symantec PIF AlertEng - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    MSConfigStartUp-TQ566808 - F:\Setup.exe
    MSConfigStartUp-tsnpstd - C:\Windows\tsnpstd.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = about:blank
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O15 -: Trusted Zone: *.canalplay.com
    O15 -: Trusted Zone: *.canalplay.com
    O15 -: Trusted Zone: *.canalplusactive.com

    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    C:\Windows\Downloaded Program Files\oscan8.inf
    C:\Windows\bdoscandellang.ini
    C:\Windows\bdoscandel.exe
    C:\Windows\Downloaded Program Files\live.ini
    C:\Windows\Downloaded Program Files\scanoptions.tsi
    C:\Windows\Downloaded Program Files\lang.ini
    C:\Windows\Downloaded Program Files\ipsupd.dll
    C:\Windows\Downloaded Program Files\bdupd.dll
    C:\Windows\Downloaded Program Files\libfn.dll
    C:\Windows\Downloaded Program Files\bdcore.dll
    C:\Windows\Downloaded Program Files\oscan8.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 11:01:06
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-09-30 11:03:13
    ComboFix-quarantined-files.txt 2008-09-30 10:03:09

    Avant-CF: 199ÿ296ÿ479ÿ232 octets libres
    Après-CF: 199,453,192,192 octets libres

    335 --- E O F --- 2008-09-27 08:48:43
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:38:45, on 29/09/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Spyware Nuker\swnxt.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Users\vaio\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
    O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
    O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
    O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
    O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    -1
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ___________

    puis recolle un rapport hijakchits
    -1
    1. atlas121 Messages postés 62 Statut Membre 1
       
      voila le rapport
      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1221
      Windows 6.0.6001 Service Pack 1

      30/09/2008 13:35:02
      mbam-log-2008-09-30 (13-35-02).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 136754
      Temps écoulé: 1 hour(s), 21 minute(s), 20 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 92

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\QooBox\Quarantine\C\Program Files\MicroAV\MicroAV.cpl.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\QooBox\Quarantine\C\Program Files\MicroAV\MicroAV.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\vaio\AppData\Local\Temp\kefrptff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
      C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
      C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.
      C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> Delete on reboot.
      C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot.
      C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot.
      C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot.
      C:\Users\vaio\Desktop\Micro Antivirus 2009.lnk (Rogue.XPertAntivirus) -> Quarantined and deleted successfully.
      C:\Users\vaio\Desktop\BEST ZOO PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
      C:\Users\Default\Local Settings\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
      C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.




      et voila avec hijacktis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:38:45, on 29/09/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\Program Files\Spyware Nuker\swnxt.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
      C:\Users\vaio\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
      O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
      O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
      O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
      O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
      O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
      O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
      O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O15 - Trusted Zone: *.canalplay.com
      O15 - Trusted Zone: *.canalplay.com (HKLM)
      O15 - Trusted Zone: *.canalplusactive.com (HKLM)
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
      O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
      O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
      O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
      O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
      O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      -1
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll
    C:\Windows\system32\YURF5F2.exe
    C:\Windows\system32\YURFF35.exe
    C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll
    C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll
    C:\Users\vaio\AppData\Local\Temp\kefrptff.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    -1
    1. atlas121 Messages postés 62 Statut Membre 1
       
      voila le rapport
      File/Folder C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll not found.
      File/Folder C:\Windows\system32\YURF5F2.exe not found.
      File/Folder C:\Windows\system32\YURFF35.exe not found.
      File/Folder C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll not found.
      File/Folder C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll not found.
      File/Folder C:\Users\vaio\AppData\Local\Temp\kefrptff.dll not found.

      OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09302008_141700
      -1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok vire ce qui est en quarantaine dans malwarebyte antimalware

    _______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous si presentes et clic en bas sur "fix checked".

    O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
    O4 - HKCU\..\Run: [\YURFF35.exe] C:\Windows\system32\YURFF35.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vaio\AppData\Local\Temp\wvUmllMC.dll,c
    O4 - HKCU\..\Run: [BM7901cc81] Rundll32.exe "C:\Users\vaio\AppData\Local\Temp\mklgxbbs.dll",s
    O4 - HKCU\..\Run: [7a32ff1d] rundll32.exe "C:\Users\vaio\AppData\Local\Temp\kefrptff.dll",b

    _________________

    verifie avec malwarebyte et kaspersky qu'il ne reste rien et colle les rapports si des infections sont trouvées

    ___________________

    encore des soucis
    -1