Aller au contenu

bgchris26

Membres
  • Compteur de contenus

    37
  • Inscription

  • Dernière visite

Réputation sur la communauté

0 Neutral

À propos de bgchris26

  • Rang
    Member

Autres informations

  • Mes langues
    Français
  1. Pas de questions supplémentaires, je te remercie de m'avoir accordé tout ce temps ! Bonne continuation à toi !
  2. Salut Gof! Voici le rapport Malwarebytes Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3508 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18865 07/01/2010 19:57:33 mbam-log-2010-01-07 (19-57-33).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 265927 Temps écoulé: 1 hour(s), 34 minute(s), 28 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  3. Bonsoir Gof ! Voici le rapport qui suit la manip que tu m'as demandé: Peux tu me dire ce que tu penses avoir détecter? ComboFix 10-01-02.03 - Christophe 05/01/2010 19:51:44.3.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1868 [GMT 1:00] Lancé depuis: c:\users\Christophe\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Christophe\Desktop\CFScript.txt AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\windows\system\cmstp.exe" "c:\windows\System32\efceedadf1_z.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system\cmstp.exe c:\windows\System32\efceedadf1_z.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 )))))))))))))))))))))))))))))))))))) . 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Christophe\AppData\Local\temp 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Administrateur\AppData\Local\temp 2009-12-25 10:26 . 2009-12-25 10:26 -------- d--h--r- c:\users\Christophe\AppData\Roaming\SecuROM 2009-12-25 10:26 . 2009-12-25 10:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-10 20:07 . 2009-12-22 08:20 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll 2009-12-08 19:20 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-08 19:20 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-08 19:20 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-08 19:15 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-03 00:13 . 2008-07-09 12:01 56770 ----a-w- c:\users\Christophe\AppData\Roaming\nvModes.dat 2010-01-02 15:51 . 2006-11-02 15:48 694498 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-02 15:51 . 2006-11-02 15:48 133500 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-02 10:38 . 2008-07-10 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-02 10:38 . 2008-07-21 17:36 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-01 20:09 . 2008-07-09 16:33 -------- d-----w- c:\program files\SpywareBlaster 2009-12-30 13:55 . 2008-07-21 17:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 13:54 . 2008-07-10 18:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-29 15:21 . 2007-11-02 09:56 -------- d-----w- c:\program files\Google 2009-12-27 08:33 . 2008-01-09 11:15 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-26 21:35 . 2007-11-02 10:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-23 16:05 . 2008-07-09 19:57 -------- d-----w- c:\programdata\avg8 2009-12-08 20:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-11-21 06:40 . 2009-12-08 19:16 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-08 19:16 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-08 19:16 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-08 19:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-15 21:36 . 2008-07-14 19:53 108 ----a-w- c:\users\Christophe\AppData\Roaming\wklnhst.dat 2009-11-15 10:28 . 2008-07-10 22:28 -------- d-----w- c:\program files\Easy Cleaner 2009-11-11 11:16 . 2007-11-02 12:30 -------- d-----w- c:\programdata\Microsoft Help 2009-11-03 06:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-02 19:42 . 2009-10-03 06:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:17 . 2009-11-25 21:53 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-25 21:07 . 2008-07-09 12:02 78936 ----a-w- c:\users\Christophe\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-03 06:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-03 06:15 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-03 06:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-11-17 19:56 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe] 2007-09-19 10:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):68,4b,b1,af,8c,de,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004884925-3776096063-155102671-1000] "EnableNotificationsRef"=dword:00000003 R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [09/07/2008 20:57 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [09/07/2008 20:57 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 16:43 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/01/2009 18:48 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/01/2009 18:48 297752] R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [09/07/2008 14:51 333088] R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\System32\drivers\ma730pt.sys [31/10/2008 21:23 103040] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [02/11/2007 18:46 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [02/11/2007 18:46 43904] R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [02/11/2007 18:46 9344] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [02/11/2007 18:46 812544] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09/07/2008 18:00 721904] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 11:44 30088] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [10/07/2008 21:02 21504] S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\System32\drivers\ma730c.sys [31/10/2008 21:23 156128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Contenu du dossier 'Tâches planifiées' 2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{31988905-11C4-4912-84C3-3B88BE10F3B6}.job - c:\windows\system32\msfeedssync.exe [2009-12-08 04:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://fr.yahoo.com/ IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel IE: Google Sidewiki... . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-05 19:57 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4004884925-3776096063-155102671-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,6f,35,42,4e,c9,a2,7d,bf,a1,7d,29,4f,ca,a7,99,7e,d7,05,4b,b7,fa,dc, 53,4e,3f,27,99,6a,94,87,81,3e,65,3b,e6,b0,7c,37,c3,e8,2f,ae,59,fb,f8,d1,00,\ "??"=hex:96,23,91,b1,03,2d,c3,72,01,af,05,95,1a,1f,c3,6b [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000003d [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2010-01-05 19:59:52 ComboFix-quarantined-files.txt 2010-01-05 18:59 ComboFix2.txt 2010-01-03 10:41 Avant-CF: 41 788 338 176 octets libres Après-CF: 41 781 522 432 octets libres - - End Of File - - E1342869CB78413D7FBC979CE2B38DDF
  4. Bonjour Gof ! J'ai envoyé ce matin même le fichier sur le lien que tu m'as transmis. ++
  5. Re! Avec tes précisions, j'ai pu effectuer l'analyse, voici le résultat: Fichier efceedadf1_z.dll reçu le 2010.01.03 20:43:43 (UTC)Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.03 - Ikarus T3.1.1.79.0 2009.12.31 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.03 - McAfee 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.01 - Microsoft 1.5302 2010.01.03 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.03 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.03 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.129 2010.01.03 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Information additionnelle File size: 23 bytes MD5...: 6c467296bf15f424fd6bd251b7bd46b2 SHA1..: a10aa0ed55656b5dc3dbb803ad2f13119ea9ef3d SHA256: 1196017caf33e9a44dd74f82c69f68c731d498333dbc243405443822a007e92b ssdeep: 3:gbTiR8Wlkn:gyR8Wlk<BR> PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Unknown! sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.03 - Ikarus T3.1.1.79.0 2009.12.31 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.03 - McAfee 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.01 - Microsoft 1.5302 2010.01.03 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.03 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.03 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.129 2010.01.03 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Information additionnelle File size: 23 bytes MD5...: 6c467296bf15f424fd6bd251b7bd46b2 SHA1..: a10aa0ed55656b5dc3dbb803ad2f13119ea9ef3d SHA256: 1196017caf33e9a44dd74f82c69f68c731d498333dbc243405443822a007e92b ssdeep: 3:gbTiR8Wlkn:gyR8Wlk<BR> PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Unknown! sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
  6. Salut ! J'ai recherché le fichier avec le chemin d'accès mais il n'apparait pas dans le dossier système32 ...
  7. Bonjour et merci Gof! Je joins le rapport combo fix. ComboFix 10-01-02.03 - Christophe 03/01/2010 11:31:00.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1860 [GMT 1:00] Lancé depuis: c:\users\Christophe\Desktop\ComboFix.exe AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 )))))))))))))))))))))))))))))))))))) . 2010-01-03 10:38 . 2010-01-03 10:39 -------- d-----w- c:\users\Christophe\AppData\Local\temp 2010-01-03 10:38 . 2010-01-03 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-25 10:26 . 2009-12-25 10:26 -------- d--h--r- c:\users\Christophe\AppData\Roaming\SecuROM 2009-12-25 10:26 . 2009-12-25 10:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-25 10:23 . 2009-12-25 10:23 95232 ----a-w- c:\windows\system\cmstp.exe 2009-12-10 20:07 . 2009-12-22 08:20 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll 2009-12-08 19:20 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-08 19:20 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-08 19:20 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-08 19:15 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-03 00:13 . 2008-07-09 12:01 56770 ----a-w- c:\users\Christophe\AppData\Roaming\nvModes.dat 2010-01-02 15:51 . 2006-11-02 15:48 694498 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-02 15:51 . 2006-11-02 15:48 133500 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-02 10:38 . 2008-07-10 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-02 10:38 . 2008-07-21 17:36 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-01 20:09 . 2008-07-09 16:33 -------- d-----w- c:\program files\SpywareBlaster 2009-12-30 13:55 . 2008-07-21 17:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 13:54 . 2008-07-10 18:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-29 15:21 . 2007-11-02 09:56 -------- d-----w- c:\program files\Google 2009-12-27 08:33 . 2008-01-09 11:15 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-26 21:35 . 2007-11-02 10:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-23 16:05 . 2008-07-09 19:57 -------- d-----w- c:\programdata\avg8 2009-12-08 20:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-11-21 06:40 . 2009-12-08 19:16 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-08 19:16 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-08 19:16 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-08 19:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-15 21:36 . 2008-07-14 19:53 108 ----a-w- c:\users\Christophe\AppData\Roaming\wklnhst.dat 2009-11-15 10:28 . 2008-07-10 22:28 -------- d-----w- c:\program files\Easy Cleaner 2009-11-11 11:16 . 2007-11-02 12:30 -------- d-----w- c:\programdata\Microsoft Help 2009-11-03 06:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-02 19:42 . 2009-10-03 06:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:17 . 2009-11-25 21:53 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-25 21:07 . 2008-07-09 12:02 78936 ----a-w- c:\users\Christophe\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-03 06:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-03 06:15 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-03 06:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2008-07-09 13:55 . 2008-07-09 13:55 23 --sha-w- c:\windows\System32\efceedadf1_z.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-11-17 19:56 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe] 2007-09-19 10:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):68,4b,b1,af,8c,de,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004884925-3776096063-155102671-1000] "EnableNotificationsRef"=dword:00000003 R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [09/07/2008 20:57 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [09/07/2008 20:57 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 16:43 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/01/2009 18:48 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/01/2009 18:48 297752] R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [09/07/2008 14:51 333088] R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\System32\drivers\ma730pt.sys [31/10/2008 21:23 103040] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [02/11/2007 18:46 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [02/11/2007 18:46 43904] R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [02/11/2007 18:46 9344] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [02/11/2007 18:46 812544] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09/07/2008 18:00 721904] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 11:44 30088] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [10/07/2008 21:02 21504] S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\System32\drivers\ma730c.sys [31/10/2008 21:23 156128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Contenu du dossier 'Tâches planifiées' 2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{31988905-11C4-4912-84C3-3B88BE10F3B6}.job - c:\windows\system32\msfeedssync.exe [2009-12-08 04:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://fr.yahoo.com/ IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Explorer_Run-DllHst - c:\windows\dllhst3g.exe HKU-Default-Explorer_Run-SessMgr - c:\users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools\daemon.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-03 11:39 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4004884925-3776096063-155102671-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,6f,35,42,4e,c9,a2,7d,bf,a1,7d,29,4f,ca,a7,99,7e,d7,05,4b,b7,fa,dc, 53,4e,3f,27,99,6a,94,87,81,3e,65,3b,e6,b0,7c,37,c3,e8,2f,ae,59,fb,f8,d1,00,\ "??"=hex:96,23,91,b1,03,2d,c3,72,01,af,05,95,1a,1f,c3,6b [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000003d [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2010-01-03 11:41:28 ComboFix-quarantined-files.txt 2010-01-03 10:41 Avant-CF: 39 194 206 208 octets libres Après-CF: 39 158 296 576 octets libres - - End Of File - - A093A5140C359FAEB4859BDD3DAE6D24
  8. Bonjour à tous! Voici plusieurs jours que mon système est fortement ralentit. Le lancement d'une application prend un temps important (plus d'1 minute) J'ai défragmenté mon disque dur mais cela persite. Je joint un rapport hijackthis Pourriez-vous m'aider s'il vous plait. Par avance merci. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:51, on 02/01/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\dfrgui.exe C:\Users\Christophe\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PEVSystemStart - Unknown owner - C:\29987-CF\PEV.cfxxe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8115 bytes
  9. Bonjour, mon antivirus AVG me détecte un chaval de troie (adsfreeimaj ou quelque chose come ca). J'ai essayé d'utiliser Malwebytes qui me supprime l'infection mais elle revient au démarrage ! Je solicite donc votre aide. Si par la même occasion il s'avère nécessaire de faire un petit nettoyage je suis preneur Je vous laisse mon rapport. Merci d'avance ! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:56:47, on 27/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Users\Christophe\AppData\Roaming\ieudinit.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Christophe\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System\logman.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKLM\..\Policies\Explorer\Run: [iEudinit] C:\Users\CHRIST~1\AppData\Roaming\ieudinit.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9358 bytes
  10. ok et bien je vais suivre tes conseils. Concernant les services de sony je ne m'en sert pas sauf l'outil de mise à jour donc si tu peux me dire ce que je dois faire... J 'ai désinstallé spybot et adaware pour utiliser malwarebytes que je possédais mais n'utilisais pas... En attente de ta réponse ...
  11. Bonjour, dsl de la lenteur de la réponse je suis parti quelques jours. Je veux d'abord te remercier de ton aide les fenetress intempestives ont disparu! Je te poste mon log hijackthis. Je trouve qu'il y a beaucoup d'entrées peux tu m'aider à alléger un peu cela si c'est nécessaire ... encore merci pour votre forum qui m'a tjs apporté une grande aide. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:01, on 16/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\eMule\emule.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11827 bytes
  12. J'ai effectué ce que tu m'as dit voici le log SmitFraudFix v2.329 Scan done at 11:41:47,14, 10/07/2008 Run from C:\Users\Christophe\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6000] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\stacsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 127.0.0.1 www.legal-at-spybot.info 127.0.0.1 legal-at-spybot.info »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CHRIST~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri [!] Suspicious: NVGFIL~1.DLL BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} TypeLib: {15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF} Interface: {CAF9D798-C659-4B9B-8E19-EE27C3D04EE7} VersionIndependentProgID: BhoNew.Bho ProgID: BhoNew.Bho.1 »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="avgrsstx.dll" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  13. Merci à toi de prendre le temps de m'aider! Voici mon rapport comme demandé. SmitFraudFix v2.329 Scan done at 11:41:47,14, 10/07/2008 Run from C:\Users\Christophe\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6000] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\stacsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 127.0.0.1 www.legal-at-spybot.info 127.0.0.1 legal-at-spybot.info »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CHRIST~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri [!] Suspicious: NVGFIL~1.DLL BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} TypeLib: {15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF} Interface: {CAF9D798-C659-4B9B-8E19-EE27C3D04EE7} VersionIndependentProgID: BhoNew.Bho ProgID: BhoNew.Bho.1 »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="avgrsstx.dll" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  14. Bonjour à tous! Alors voila je me retrouve en ce moment avec un probleme à chaque fois que j'ouvre internet explorer, une fenetre s'ouvre m'indiquant "Attention, some dangerous viruses detected in your system. microsoft windows XP files corrupted. this may lead to the destruction of ilmportant files in C:/WINDOWS. download protction software now" Je solicite donc votre aide pour éradiquer ce problème. Merci d'avance Je post mon log hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:48, on 10/07/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\stacsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} - C:\Windows\system32\NVGFIL~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14332 bytes
×
×
  • Créer...