Vatt

Members
  • Content count

    70

Everything posted by Vatt

  1. Oh no, I launched MBAM without having uninstalled ComboFix. Is that serious? MBAM is still scanning. I'll post for you right after. Thanks
  2. Hello Angelique, sorry I wasn't able to post the report earlier as you asked. I was a bit "busy" ;)) Here is the ComboFix report as requested:
     Thanks again for your help, and once more a thousand apologies
  3. I'll post them for you this evening because I'm at the office right now. Thanks again!
  4. OK, thanks for this info.... This Malekal.com site is great for a novice like me! Just brilliant
  5. I asked a colleague and he told me about SpyBot? Does that ring a bell?
  6. How do I avoid this adware (and what exactly are these critters?)? And how do I get rid of it afterwards? Do I need to download some software?
  7. OK! I really want to thank you for all the advice and help you're giving me. I'll follow your instructions and post everything. Quick question: if I understand correctly, my PC is infected by a virus? But then what is Kaspersky for in that case? Would you recommend another antivirus, given that my licence expires in a few months?
  8. Hello, I ran the scan as you advised. It takes really long, so I let it run all night, but the catch is that it stayed "stuck" at 6%. Is that normal?
  9. As indicated, here is the ComboFix report:
     I'm now proceeding with the online scan...
  10. Hello, here is the BTFix cleanup report:
      BTFix 1.098 (par bibi26) - 15/04/2008 20:03:02 - Nettoyage - Mode normal
      Lancé depuis D:\Contenu\BTFix\BTFix.exe
      ---> Fichiers/dossiers supprimés (Première passe)
      - Fichiers temporaires effacés
      - C:\Program Files\IntelligentAdvisor\
      ---> Nettoyage terminé le 15/04/2008 20:03:12
      Here is the scan report:
      Service load: 0% 100%
      File: usnsvc.exe
      Status: INFECTED/MALWARE
      MD5: d0dfce23a2fe03b4f34b507413cea4a1
      Packers detected: -
      Bit9 reports: High threat detected (more info)
      Scanner results
      Scan taken on 15 Apr 2008 18:11:35 (GMT)
      A-Squared Found Backdoor.Win32.SdBot.aad
      AntiVir Found WORM/SdBot.118784.38
      ArcaVir Found Trojan.Sdbot.Aad
      Avast Found Win32:IRCBot-ATD
      AVG Antivirus Found BackDoor.RBot.DP
      BitDefender Found Backdoor.SdBot.DEZY
      ClamAV Found Trojan.Downloader.Small-3219
      CPsecure Found BackDoor.W32.SdBot.aad
      Dr.Web Found Win32.HLLW.MyBot.based
      F-Prot Antivirus Found nothing
      F-Secure Anti-Virus Found Backdoor.Win32.SdBot.aad
      Fortinet Found W32/Tilebot.AAD!worm
      Ikarus Found Backdoor.Win32.SdBot.aad
      Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.aad
      NOD32 Found a variant of IRC/SdBot
      Norman Virus Control Found W32/Malware.BEKW
      Panda Antivirus Found W32/Sdbot.JEE.worm
      Sophos Antivirus Found W32/Tilebot-Gen
      VirusBuster Found Worm.SdBot.Gen.31
      VBA32 Found Backdoor.Win32.SdBot.aad
      Thanks
  11. OK, I'll read the tutorial and try to run BTFix once more, and I'll post the cleanup result as well as the scan. Thanks!
  12. Hello, I clicked on "Clean" and it crashed the PC. I rebooted and I can no longer use the BTFix freeware; I get a message along the lines of "it must be unzipped and placed on the desktop...". I uninstalled BTFix and nothing helps, I still can't use it. I'll run the scan as requested and post the result for you. In any case, thank you very much for your help
  13. Here is the BTFix report:
      BTFix 1.097 (par bibi26) - 14/04/2008 20:30:27 - Analyse
      Lancé depuis D:\Contenu\BTFix\BTFix.exe
      ---> Fichiers/Dossiers trouvés
      - C:\Program Files\IntelligentAdvisor\
      - C:\Program Files\FBrowsingAdvisor\
      - C:\Program Files\AskTBar\
      ---> Analyse terminée le 14/04/2008 20:30:29
      Here is the ComboFix one:
ComboFix 08-04-13.3 - Vatthana Lovang 2008-04-14 20:50:11.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.878 [GMT 2:00] Endroit: C:\Documents and Settings\Vatthana Lovang\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\components . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))))))) . 2008-04-13 19:37 . 2008-04-13 20:08 <REP> d-------- C:\Program Files\McDonaldsDragons 2008-04-08 22:48 . 2008-04-08 22:48 <REP> d-------- C:\Program Files\ReflexiveArcade 2008-04-06 19:14 . 2008-04-06 19:14 <REP> d-------- C:\Program Files\NeroInstall.bak 2008-04-06 14:27 . 2008-04-06 14:27 <REP> d-------- C:\Program Files\Nero 2008-04-06 14:27 . 2008-04-06 14:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero 2008-04-05 21:26 . 2008-04-13 19:39 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Sony Corporation 2008-04-05 21:17 . 2008-04-05 21:16 118,784 -r-hs---- C:\WINDOWS\usnsvc.exe 2008-04-05 17:14 . 2008-04-05 17:14 <REP> d-------- C:\Documents and Settings\Vatthana Lovang\Application Data\Nero 2008-04-05 16:55 . 2008-04-06 14:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-04-01 21:29 . 2008-04-01 21:31 <REP> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-01 21:29 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-04-01 21:29 . 
2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-04-01 21:29 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm 2008-04-01 21:29 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-04-01 21:29 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-04-01 21:29 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-04-01 21:29 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2008-03-24 21:50 . 2008-03-24 21:51 <REP> d-------- C:\Program Files\TClockEx 2008-03-24 18:54 . 2008-03-24 18:54 <REP> dr-h----- C:\Documents and Settings\Vatthana Lovang\Application Data\SecuROM 2008-03-24 18:54 . 2008-03-24 18:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-03-16 00:17 . 2008-03-16 00:17 <REP> d-------- C:\Documents and Settings\Vatthana Lovang\Application Data\GlarySoft 2008-03-15 23:49 . 2008-03-29 15:00 <REP> d-------- C:\Program Files\Glary Utilities . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-04-14 18:54 22,781,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-14 18:54 --------- d-----w C:\Program Files\Prevx2 2008-04-14 18:53 769,568 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-14 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-14 18:44 75,068 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-14 18:44 308,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-14 18:32 --------- d-----w C:\Program Files\IntelligentAdvisor 2008-04-12 20:11 --------- d-----w C:\Documents and Settings\Vatthana Lovang\Application Data\NewsBin 2008-04-06 19:40 --------- d-----w C:\Program Files\Java 2008-04-06 19:39 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-04-01 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx 2008-04-01 19:25 --------- d-----w C:\Program Files\VistaCodecPack 2008-03-30 17:23 --------- d-----w C:\Documents and Settings\Vatthana Lovang\Application Data\LimeWire 2008-03-30 16:18 --------- d-----w C:\Documents and Settings\Vatthana Lovang\Application Data\Sony Corporation 2008-03-24 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 
Companion 2008-03-15 22:30 --------- d-----w C:\Program Files\Kaspersky Lab 2008-03-15 22:30 --------- d-----w C:\Program Files\Clean Disk Security 2008-03-15 22:30 --------- d-----w C:\Program Files\CCleaner 2008-03-15 22:29 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-15 22:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-15 22:29 --------- d-----w C:\Documents and Settings\Vatthana Lovang\Application Data\Symantec 2008-03-15 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation 2008-03-13 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-02-18 14:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2008-02-18 14:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-02-05 21:02 81,920 ----a-w C:\Documents and Settings\Vatthana Lovang\Application Data\ezpinst.exe 2007-02-05 21:02 47,360 ----a-w C:\Documents and Settings\Vatthana Lovang\Application Data\pcouffin.sys 2006-11-04 13:37 317,248 ----a-w C:\Program Files\dxwebsetup.exe 2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe . ------- Sigcheck ------- 2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "RocketDock"="C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784] "Glary Memory Optimizer"="C:\Program Files\Glary Utilities\memdefrag.exe" [2008-03-05 11:23 92160] "TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 02:15 90112] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-08-16 09:33 721536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-07-19 07:05 61440] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-02-14 04:18 53248] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe] "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768] "PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960] "PrepareYourVAIO"="C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 15:36 118784] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 20:17 57393] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48 622592] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58 61440] "VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 20:41 546936] "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" 
[2006-02-14 12:11 176128] "Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" [2007-10-15 01:02 2654392] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53 218376] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\Vatthana Lovang\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] TransBar.lnk - C:\Program Files\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536] UberIcon.lnk - C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224] Y'z Shadow.lnk - C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-10-08 12:06:50 1085440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] VESWinlogon.dll 2006-09-23 15:24 73728 C:\WINDOWS\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32] wintuh32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywtu] xxyywtu.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "D:\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"= R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07] R2 hasvc;Help and Support Service;"C:\WINDOWS\usnsvc.exe" [2008-04-05 21:16] R3 fhlppppoe;PPPOE/ADSL miniport;C:\WINDOWS\system32\DRIVERS\fhlpppoe.sys [2002-11-21 17:35] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58] R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 04:59] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S3 BrScnUsb;Brother USB Still Image 
driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50] S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 18:21] S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 10:34] S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06] *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-14 18:45:20 C:\WINDOWS\Tasks\GlaryInitialize.job" - C:\Program Files\Glary Utilities\initialize.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-14 20:54:45 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-04-14 20:56:43 ComboFix-quarantined-files.txt 2008-04-14 18:56:15 Pre-Run: 16,559,575,040 octets libres Post-Run: 16,540,950,528 octets libres . 2008-03-13 22:48:14 --- E O F ---
      Thanks again!
  15. Hello Angelique, thank you very much for your quick reply, I will follow your instructions carefully.
  16. Hello, I badly need your help because my PC is extremely slow and the CPU runs at 100% even though no process is open. Could you please help me? Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:15, on 13/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\usnsvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Prevx2\PXAgent.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Realtek\InstallShield\AzMixerSel.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe 
C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Glary Utilities\memdefrag.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Contenu\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.fr/redirect/welcome/adsl/fra R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - 
{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers 
communs\Nero\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\Program Files\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: 
Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/ O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/a9c40b4d05...fc8460f4_35.exe O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...436342D2D2D.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165524696203 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing) O20 - Winlogon Notify: xxyywtu - xxyywtu.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Help and Support Service (hasvc) - Unknown owner - C:\WINDOWS\usnsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: 
VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 14621 bytes
Thanking you wholeheartedly for your cooperation and your help
  17. Vatt

    CPU 100%

    Hello Ticlou, thank you very much for your help and your quick reply. I am going to follow the instructions (carefully, since I'm hopeless with computers). Thanks again
  18. Hello, I need some very, very valuable help from you because my PC is extremely slow and the CPU is running at 100% even though no processes are open. Could you please help me?? Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:15, on 13/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\usnsvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Prevx2\PXAgent.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Realtek\InstallShield\AzMixerSel.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe 
C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Glary Utilities\memdefrag.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Contenu\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.fr/redirect/welcome/adsl/fra R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - 
{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers 
communs\Nero\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\Program Files\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: 
Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/ O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/a9c40b4d05...fc8460f4_35.exe O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...436342D2D2D.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165524696203 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing) O20 - Winlogon Notify: xxyywtu - xxyywtu.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Help and Support Service (hasvc) - Unknown owner - C:\WINDOWS\usnsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: 
VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 14621 bytes
Thanking you wholeheartedly for your cooperation and your help