Cube

OK merci beaucoup de m'avoir accordé du temps et pour ton aide, j'y serai pas arrivé sans toi. a bientot

Le rapport MBAM Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2551 Windows 5.1.2600 Service Pack 3 (Safe Mode) 26/08/2009 00:07:42 mbam-log-2009-08-26 (00-07-42).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 183271 Temps écoulé: 2 hour(s), 10 minute(s), 5 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Et le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:47, on 26/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Tall Emu\Online Armor\OAcat.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_Task.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Tall Emu\Online Armor\OAhlp.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Cub\Bureau\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM') O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user') O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://el-cub.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126363648660 O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 11148 bytes

Tout a fait merci beaucoup. Je te poste les rapports MBAM et Highjackthis.

ComboFix 09-08-24.06 - Cub 25/08/2009 21:10.9.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.254 [GMT 2:00] Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe Command switches used :: c:\documents and settings\Cub\Bureau\CFscriptCube2.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\All Users\Application Data\umeg.vbs" "c:\documents and settings\LocalService\Application Data\anage.exe" "c:\documents and settings\LocalService\Application Data\icufegyg.pif" "c:\documents and settings\LocalService\Application Data\qozitizari.dat" "c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs" "c:\program files\Fichiers communs\nenad.inf" "c:\program files\lmggrq.txt" "c:\program files\vbtoyak.txt" "c:\windows\awis.vbs" "c:\windows\luhihyp.com" "c:\windows\puwexahi.bat" "c:\windows\system32\omebolyvyq.sys" "c:\windows\system32\wisdstr.VIR" "c:\windows\system32\yreceloru.dat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\banepi.dl c:\documents and settings\All Users\Application Data\umeg.vbs c:\documents and settings\All Users\Application Data\vetarik._dl c:\documents and settings\All Users\Application Data\vudu.ban c:\documents and settings\All Users\Documents\byjeguho.pif c:\documents and settings\All Users\Documents\kelexe.vbs c:\documents and settings\All Users\Documents\ufizoqu.dl c:\documents and settings\All Users\Documents\zinuto.sys c:\documents and settings\Cub\Mes documents\cc_20071224_1859.reg c:\documents and settings\LocalService\Application Data\anage.exe c:\documents and settings\LocalService\Application Data\icufegyg.pif c:\documents and settings\LocalService\Application Data\iricogizu._sy c:\documents and settings\LocalService\Application Data\nuxycobab.inf c:\documents and settings\LocalService\Application Data\qozitizari.dat c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs C:\PC_Antispyware2010 c:\pc_antispyware2010\PC_Antispyware2010.lnk c:\pc_antispyware2010\Uninstall.lnk c:\program files\Fichiers communs\nenad.inf c:\program files\lmggrq.txt c:\windows\awis.vbs c:\windows\biwa.ban c:\windows\luhihyp.com c:\windows\puwexahi.bat c:\windows\system32\omebolyvyq.sys c:\windows\system32\wisdstr.VIR c:\windows\system32\yreceloru.dat c:\windows\tugibofyti.dl c:\windows\zikec.inf . ((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))))) . 2009-08-25 19:00 . 2001-08-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-08-25 19:00 . 2001-08-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-08-25 11:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-25 11:12 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-25 11:12 . 2009-08-25 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-24 15:41 . 2009-08-25 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor 2009-08-24 15:41 . 2009-08-24 15:41 -------- d-----w- c:\documents and settings\Cub\Application Data\OnlineArmor 2009-08-24 15:39 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys 2009-08-24 15:39 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys 2009-08-24 15:39 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys 2009-08-24 15:39 . 2009-08-24 15:39 -------- d-----w- c:\program files\Tall Emu 2009-08-23 16:01 . 2009-07-13 18:52 380928 ----a-w- c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll 2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies 2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-15 12:14 . 2009-08-21 13:40 -------- d-----w- c:\windows\temp01 2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft 2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys 2009-08-13 18:36 . 2004-08-05 12:00 2944 ------w- c:\windows\system32\drivers\null.sys 2009-08-13 17:24 . 2009-08-25 11:13 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes 2009-08-13 17:23 . 2009-08-25 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll 2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys 2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll 2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe 2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe 2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll 2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe 2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll 2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll 2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll 2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll 2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe 2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll 2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL 2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll 2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll 2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll 2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll 2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll 2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6 2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com 2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys 2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-24 15:28 . 2005-03-07 09:05 88774 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-24 15:28 . 2005-03-07 09:05 515922 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO 2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo! 2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD 2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus 2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus 2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter 2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule 2009-07-03 16:57 . 2005-03-07 09:05 915456 ------w- c:\windows\system32\wininet.dll 2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe 2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65 2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe 2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll 2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040] "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk] backup=c:\windows\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [24/08/2009 17:39 200784] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [24/08/2009 17:39 24656] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [24/08/2009 17:39 29776] R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289] R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [24/08/2009 17:39 362184] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784] R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [24/08/2009 17:39 3142344] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-25 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: sony-europe.com Trusted Zone: sonystyle-europe.com Trusted Zone: vaio-link.com FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\ FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-25 21:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(560) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(3572) c:\program files\Tall Emu\Online Armor\OAwatch.dll c:\program files\MessengerPlus! 3\MsgPlusLoader.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Sony\VAIO Cooperated Initialisation\VCI_TASK.exe c:\program files\Glary Utilities\Integrator.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe c:\program files\Apoint\ApntEx.exe c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe c:\program files\Tall Emu\Online Armor\oahlp.exe . ************************************************************************** . Completion time: 2009-08-25 21:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-25 19:36 ComboFix2.txt 2009-08-25 18:06 ComboFix3.txt 2009-08-23 15:59 ComboFix4.txt 2009-08-20 21:37 ComboFix5.txt 2009-08-25 19:06 Pre-Run: 11 573 137 408 octets libres Post-Run: 11 532 697 600 octets libres 333 --- E O F --- 2009-08-18 12:20

J'ai installé Online Armor et bloqué les .tmp. Mais je ne pouvais plus lancer Malbyte tant que Online Armor est activé. Je l'ai donc lancé en mode sans échec. Ci dessous les rapports Malbyte, puis Combofix. Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2551 Windows 5.1.2600 Service Pack 3 (Safe Mode) 25/08/2009 19:42:00 mbam-log-2009-08-25 (19-42-00).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 182948 Temps écoulé: 2 hour(s), 10 minute(s), 33 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. ComboFix 09-08-22.06 - Cub 25/08/2009 19:47.8.1 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.311 [GMT 2:00] Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))))) . 2009-08-25 17:42 . 2009-08-25 17:42 61440 ----a-w- c:\windows\system32\drivers\cbjm.sys 2009-08-25 11:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-25 11:12 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-25 11:12 . 2009-08-25 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-24 15:41 . 2009-08-25 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor 2009-08-24 15:41 . 2009-08-24 15:41 -------- d-----w- c:\documents and settings\Cub\Application Data\OnlineArmor 2009-08-24 15:39 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys 2009-08-24 15:39 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys 2009-08-24 15:39 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys 2009-08-24 15:39 . 2009-08-24 15:39 -------- d-----w- c:\program files\Tall Emu 2009-08-23 16:01 . 2009-07-13 18:52 380928 ----a-w- c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll 2009-08-21 13:56 . 2009-08-21 13:56 189791 ----a-w- c:\windows\system32\wisdstr.VIR 2009-08-20 21:37 . 2009-08-20 21:37 19196 ----a-w- c:\windows\luhihyp.com 2009-08-20 21:37 . 2009-08-20 21:37 19915 ----a-w- c:\documents and settings\LocalService\Application Data\icufegyg.pif 2009-08-20 21:37 . 2009-08-20 21:37 19179 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs 2009-08-20 21:37 . 2009-08-20 21:37 12738 ----a-w- c:\windows\system32\yreceloru.dat 2009-08-20 21:37 . 2009-08-20 21:37 12695 ----a-w- c:\windows\awis.vbs 2009-08-20 21:37 . 2009-08-20 21:37 12532 ----a-w- c:\windows\puwexahi.bat 2009-08-20 21:37 . 2009-08-20 21:37 12059 ----a-w- c:\windows\system32\omebolyvyq.sys 2009-08-20 21:37 . 2009-08-20 21:37 11794 ----a-w- c:\documents and settings\LocalService\Application Data\anage.exe 2009-08-20 21:36 . 2009-08-20 21:36 -------- d-----w- C:\PC_Antispyware2010 2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies 2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-15 12:14 . 2009-08-21 13:40 -------- d-----w- c:\windows\temp01 2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft 2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys 2009-08-13 18:36 . 2004-08-05 12:00 2944 ------w- c:\windows\system32\drivers\null.sys 2009-08-13 17:24 . 2009-08-25 11:13 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes 2009-08-13 17:23 . 2009-08-25 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll 2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys 2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll 2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe 2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe 2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll 2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe 2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll 2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll 2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll 2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll 2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe 2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll 2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL 2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll 2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll 2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll 2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll 2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll 2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6 2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com 2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys 2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-25 17:42 . 2009-08-25 17:42 968 ----a-w- c:\program files\vbtoyak.txt 2009-08-25 11:22 . 2008-04-13 19:15 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-24 15:28 . 2005-03-07 09:05 88774 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-24 15:28 . 2005-03-07 09:05 515922 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-20 21:37 . 2009-08-20 21:37 17695 ----a-w- c:\program files\Fichiers communs\nenad.inf 2009-08-20 21:37 . 2009-08-20 21:37 16226 ----a-w- c:\documents and settings\LocalService\Application Data\qozitizari.dat 2009-08-20 21:37 . 2009-08-20 21:37 12435 ----a-w- c:\documents and settings\All Users\Application Data\umeg.vbs 2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO 2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo! 2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD 2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt 2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus 2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus 2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter 2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule 2009-07-03 16:57 . 2005-03-07 09:05 915456 ------w- c:\windows\system32\wininet.dll 2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe 2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65 2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe 2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll 2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll . ------- Sigcheck ------- [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS [7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2009-08-25 11:22 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\dllcache\ntfs.sys [-] 2009-08-25 11:22 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\drivers\ntfs.sys c:\windows\system32\drivers\beep.sys ... is missing !! . ((((((((((((((((((((((((((((( SnapShot_2009-08-20_21.28.46 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-07 09:05 . 2009-08-24 15:28 72962 c:\windows\system32\perfc009.dat + 2005-03-07 09:05 . 2009-08-24 15:28 444234 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040] "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk] backup=c:\windows\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [24/08/2009 17:39 200784] S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [24/08/2009 17:39 24656] S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [24/08/2009 17:39 29776] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289] S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [24/08/2009 17:39 362184] S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784] S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [24/08/2009 17:39 3142344] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-25 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: sony-europe.com Trusted Zone: sonystyle-europe.com Trusted Zone: vaio-link.com FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\ FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-25 19:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(236) c:\windows\system32\VESWinlogon.dll . Completion time: 2009-08-25 20:06 ComboFix-quarantined-files.txt 2009-08-25 18:05 ComboFix2.txt 2009-08-23 15:59 ComboFix3.txt 2009-08-20 21:37 ComboFix4.txt 2009-08-20 10:03 Pre-Run: 11 550 556 160 octets libres Post-Run: 11 575 787 520 octets libres 285 --- E O F --- 2009-08-18 12:20

Et le rapport Combofix: ComboFix 09-08-22.06 - Cub 23/08/2009 17:37.7.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.225 [GMT 2:00] Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\tygojucih.scr c:\windows\pequnihe.dll c:\windows\system32\Drivers\snaekli.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ncqilooh ((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 ))))))))))))))))))))))))))))))) . 2009-08-23 15:51 . 2009-08-23 15:51 0 ----a-w- c:\windows\system32\wisdstr.exe 2009-08-23 15:51 . 2009-08-23 15:51 11264 ----a-w- c:\windows\system32\braviax.exe 2009-08-21 13:56 . 2009-08-21 13:56 189791 ----a-w- c:\windows\system32\wisdstr.VIR 2009-08-20 21:37 . 2009-08-20 21:37 19196 ----a-w- c:\windows\luhihyp.com 2009-08-20 21:37 . 2009-08-20 21:37 19915 ----a-w- c:\documents and settings\LocalService\Application Data\icufegyg.pif 2009-08-20 21:37 . 2009-08-20 21:37 19179 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs 2009-08-20 21:37 . 2009-08-20 21:37 12738 ----a-w- c:\windows\system32\yreceloru.dat 2009-08-20 21:37 . 2009-08-20 21:37 12695 ----a-w- c:\windows\awis.vbs 2009-08-20 21:37 . 2009-08-20 21:37 12532 ----a-w- c:\windows\puwexahi.bat 2009-08-20 21:37 . 2009-08-20 21:37 12059 ----a-w- c:\windows\system32\omebolyvyq.sys 2009-08-20 21:37 . 2009-08-20 21:37 11794 ----a-w- c:\documents and settings\LocalService\Application Data\anage.exe 2009-08-20 21:36 . 2009-08-20 21:36 -------- d-----w- C:\PC_Antispyware2010 2009-08-19 14:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-19 14:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-19 14:24 . 2009-08-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies 2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-15 12:14 . 2009-08-21 13:40 -------- d-----w- c:\windows\temp01 2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft 2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys 2009-08-13 18:36 . 2004-08-05 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys 2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes 2009-08-13 17:23 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll 2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys 2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll 2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe 2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe 2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll 2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe 2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll 2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll 2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll 2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll 2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe 2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll 2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL 2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll 2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll 2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll 2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll 2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll 2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6 2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com 2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys 2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-23 15:51 . 2008-04-13 19:15 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-20 21:37 . 2009-08-20 21:37 17695 ----a-w- c:\program files\Fichiers communs\nenad.inf 2009-08-20 21:37 . 2009-08-20 21:37 16226 ----a-w- c:\documents and settings\LocalService\Application Data\qozitizari.dat 2009-08-20 21:37 . 2009-08-20 21:37 12435 ----a-w- c:\documents and settings\All Users\Application Data\umeg.vbs 2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO 2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo! 2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD 2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt 2009-08-17 16:05 . 2005-03-07 09:05 91524 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-17 16:05 . 2005-03-07 09:05 522440 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus 2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus 2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter 2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule 2009-07-03 16:57 . 2005-03-07 09:05 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe 2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65 2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe 2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll 2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll . ------- Sigcheck ------- [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS [7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2009-08-23 15:51 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\dllcache\ntfs.sys [-] 2009-08-23 15:51 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\drivers\ntfs.sys c:\windows\system32\drivers\beep.sys ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Regedit32"="c:\windows\system32\regedit.exe" [bU] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040] "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk] backup=c:\windows\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-23 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01] . - - - - ORPHANS REMOVED - - - - HKLM-Run-braviax - (no file) HKU-Default-Run-braviax - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: sony-europe.com Trusted Zone: sonystyle-europe.com Trusted Zone: vaio-link.com FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\ FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-23 17:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\wisdstr.exe 190730 bytes executable c:\windows\system32\braviax.exe 11264 bytes executable scan completed successfully hidden files: 2 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(904) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(7740) c:\program files\MessengerPlus! 3\MsgPlusLoader.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\eappprxy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Glary Utilities\Integrator.exe c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe c:\program files\Apoint\ApntEx.exe c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe c:\windows\system32\wscntfy.exe c:\windows\system32\braviax.exe . ************************************************************************** . Completion time: 2009-08-23 17:59 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-23 15:59 ComboFix2.txt 2009-08-20 21:37 ComboFix3.txt 2009-08-20 10:03 Pre-Run: 11 793 776 640 octets libres Post-Run: 11 755 773 952 octets libres 315 --- E O F --- 2009-08-18 12:20

Bonjour, Voici le nouveau rapport Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2669 Windows 5.1.2600 Service Pack 3 23/08/2009 17:32:22 mbam-log-2009-08-23 (17-32-22).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 184886 Temps écoulé: 1 hour(s), 18 minute(s), 53 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 20 Processus mémoire infecté(s): C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\20ABQ64W\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\A0335897.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\A0335898.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\A0335901.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\snapshot\MFEX-1.DAT (Trojan.KillAV) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\TEMP\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\TEMP\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

Le rapport MBAM Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2669 Windows 5.1.2600 Service Pack 3 21/08/2009 15:40:31 mbam-log-2009-08-21 (15-40-31).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 184963 Temps écoulé: 44 minute(s), 21 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 3 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 6 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 44 Processus mémoire infecté(s): C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot. C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot. C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\htmlayout.dll.vir (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\Uninstall.exe.vir (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\wscui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1019\A0304576.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1019\A0303514.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1020\A0316087.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1023\A0319798.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1023\A0320056.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0334882.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0334914.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0335883.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0335889.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0335890.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1021\A0316318.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\temp01\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully. C:\WINDOWS\temp01\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\temp01\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\temp01\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\TEMP\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\TEMP\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully. C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Le rapport Combofix ComboFix 09-08-19.0C - Cub 20/08/2009 23:14.6.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.282 [GMT 2:00] Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe Command switches used :: c:\documents and settings\Cub\Bureau\CFscriptcube.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\All Users\Application Data\hyzaxi.dat" "c:\documents and settings\All Users\Application Data\okumeco.dat" "c:\documents and settings\LocalService\Application Data\hexifa.vbs" "c:\documents and settings\LocalService\Local Settings\Application Data\idegasuba.pif" "c:\documents and settings\LocalService\Local Settings\Application Data\ketufat.sys" "c:\program files\Fichiers communs\qabemalo.exe" "c:\program files\Fichiers communs\tulymi.vbs" "c:\program files\Fichiers communs\vexido.dl" "c:\program files\Fichiers communs\vupexaf.dl" "c:\windows\fyju.dat" "c:\windows\rts.exe" "c:\windows\sazocewyw.bin" "c:\windows\system32\drivers\xagnnt07j31.sys" "c:\windows\system32\qofy.dat" "c:\windows\syxu.scr" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\hyzaxi.dat c:\documents and settings\All Users\Application Data\okumeco.dat c:\documents and settings\LocalService\Application Data\hexifa.vbs c:\documents and settings\LocalService\Local Settings\Application Data\idegasuba.pif c:\documents and settings\LocalService\Local Settings\Application Data\ketufat.sys c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd c:\PC_Antispyware2010 c:\pc_antispyware2010\PC_Antispyware2010.lnk c:\pc_antispyware2010\Uninstall.lnk c:\program files\Fichiers communs\qabemalo.exe c:\program files\Fichiers communs\tulymi.vbs c:\program files\Fichiers communs\vexido.dl c:\program files\Fichiers communs\vupexaf.dl c:\windows\fyju.dat c:\windows\Installer\192c52a.msi c:\windows\rts.exe c:\windows\sazocewyw.bin c:\windows\system32\braviax.exe c:\windows\system32\drivers\xagnnt07j31.sys c:\windows\system32\qofy.dat c:\windows\syxu.scr . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_XAGNNT07J31 -------\Service_soqwx32 -------\Service_xagnnt07j31 ((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 ))))))))))))))))))))))))))))))) . 2009-08-20 21:30 . 2009-08-20 21:30 11264 ----a-w- c:\windows\system32\braviax.exe 2009-08-20 21:30 . 2009-08-20 21:27 29184 ----a-w- c:\windows\system32\drivers\beep.sys 2009-08-20 21:30 . 2009-08-20 21:27 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-08-20 21:27 . 2009-08-20 21:27 29184 -c--a-w- c:\windows\system32\dllcache\figaro.sys 2009-08-19 14:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-19 14:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-19 14:24 . 2009-08-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies 2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-15 12:14 . 2009-08-20 21:23 -------- d-----w- c:\windows\temp01 2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft 2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys 2009-08-13 18:36 . 2004-08-05 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys 2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes 2009-08-13 17:23 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll 2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys 2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll 2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe 2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe 2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll 2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe 2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll 2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll 2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll 2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll 2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe 2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll 2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL 2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll 2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll 2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll 2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll 2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll 2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6 2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com 2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys 2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-20 21:30 . 2009-08-20 21:30 190539 ----a-w- c:\windows\system32\wisdstr.exe 2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO 2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo! 2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD 2009-08-17 19:03 . 2008-04-13 19:15 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt 2009-08-17 16:05 . 2005-03-07 09:05 91524 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-17 16:05 . 2005-03-07 09:05 522440 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus 2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus 2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter 2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule 2009-07-03 16:57 . 2005-03-07 09:05 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe 2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65 2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe 2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll 2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll . ------- Sigcheck ------- [-] 2009-08-20 21:27 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\dllcache\beep.sys [-] 2009-08-20 21:27 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\drivers\beep.sys [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS [7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys [7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys [-] 2009-08-17 19:03 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys . ((((((((((((((((((((((((((((( SnapShot@2009-08-20_09.58.39 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-20 11:43 . 2009-08-20 11:43 12800 c:\windows\temp01\xpshims.dll + 2009-08-20 10:16 . 2009-08-20 10:16 68096 c:\windows\temp01\xpcom_compat.dll + 2009-08-20 11:41 . 2009-08-20 11:41 12288 c:\windows\temp01\xpcom.dll + 2009-08-20 20:50 . 2009-08-20 20:50 36352 c:\windows\temp01\wups2.dll + 2009-08-20 20:54 . 2009-08-20 20:54 44032 c:\windows\temp01\wuauclt.exe + 2009-08-20 10:41 . 2009-08-20 10:41 99840 c:\windows\temp01\wmpshell.dll + 2009-08-20 20:50 . 2009-08-20 20:50 77824 c:\windows\temp01\VESSemiPnP.dll + 2009-08-20 10:08 . 2009-08-20 10:08 26368 c:\windows\temp01\USBSTOR.SYS + 2009-08-20 10:09 . 2009-08-20 10:09 50688 c:\windows\temp01\twain_32.dll + 2009-08-20 10:08 . 2009-08-20 10:08 98304 c:\windows\temp01\Track2Filter.dll + 2009-08-20 10:08 . 2009-08-20 10:08 98304 c:\windows\temp01\Track1Filter.dll + 2009-08-20 10:16 . 2009-08-20 10:16 40960 c:\windows\temp01\spellchk.dll + 2009-08-20 18:08 . 2009-08-20 18:08 22016 c:\windows\temp01\sclgntfy.dll + 2009-08-20 20:50 . 2009-08-20 20:50 29696 c:\windows\temp01\reader_sl.exe + 2009-08-20 10:08 . 2009-08-20 10:08 73728 c:\windows\temp01\PtPlatform.dll + 2009-08-20 10:04 . 2009-08-20 10:04 17408 c:\windows\temp01\powrprof.dll + 2009-08-20 10:09 . 2009-08-20 10:09 57344 c:\windows\temp01\Plugin.dll + 2009-08-20 10:16 . 2009-08-20 10:16 24576 c:\windows\temp01\plds4.dll + 2009-08-20 10:16 . 2009-08-20 10:16 28672 c:\windows\temp01\plc4.dll + 2009-08-20 20:50 . 2009-08-20 20:50 65536 c:\windows\temp01\OSA9.EXE + 2009-08-20 10:08 . 2009-08-20 10:08 65536 c:\windows\temp01\OperaMgr.dll + 2009-08-20 10:09 . 2009-08-20 10:09 98304 c:\windows\temp01\odbcint.dll + 2009-08-20 10:44 . 2009-08-20 10:44 32768 c:\windows\temp01\objpscnv.dll + 2009-08-20 11:41 . 2009-08-20 11:41 81920 c:\windows\temp01\nssutil3.dll + 2009-08-20 11:43 . 2009-08-20 11:43 98304 c:\windows\temp01\nssdbm3.dll + 2009-08-20 10:16 . 2009-08-20 10:16 24576 c:\windows\temp01\nsldappr32v50.dll + 2009-08-20 11:45 . 2009-08-20 11:45 59904 c:\windows\temp01\npnul32.dll + 2009-08-20 10:03 . 2009-08-20 10:03 70656 c:\windows\temp01\notepad.exe + 2009-08-20 10:16 . 2009-08-20 10:16 29184 c:\windows\temp01\myspell.dll + 2009-08-20 10:42 . 2009-08-20 10:42 91648 c:\windows\temp01\mydocs.dll + 2009-08-20 18:06 . 2009-08-20 18:06 29696 c:\windows\temp01\mspatcha.dll + 2009-08-20 10:44 . 2009-08-20 10:44 78848 c:\windows\temp01\msiexec.exe + 2009-08-20 10:44 . 2009-08-20 10:44 22528 c:\windows\temp01\mfcsubs.dll + 2009-08-20 10:46 . 2009-08-20 10:46 57344 c:\windows\temp01\mfc42loc.dll + 2009-08-20 10:41 . 2009-08-20 10:41 65536 c:\windows\temp01\mbamext.dll + 2009-08-20 10:42 . 2009-08-20 10:42 28160 c:\windows\temp01\lang-1036.dll + 2009-08-20 10:16 . 2009-08-20 10:16 61952 c:\windows\temp01\jar50.dll + 2009-08-20 10:45 . 2009-08-20 10:45 35328 c:\windows\temp01\iTunesRegistry.dll + 2009-08-20 10:45 . 2009-08-20 10:45 49152 c:\windows\temp01\iTunesMiniPlayerLocalized.dll + 2009-08-20 10:45 . 2009-08-20 10:45 80384 c:\windows\temp01\iTunesLocalized.dll + 2009-08-20 10:45 . 2009-08-20 10:45 82432 c:\windows\temp01\iTunes.dll + 2009-08-20 10:44 . 2009-08-20 10:44 73728 c:\windows\temp01\IDriverT.exe + 2009-08-20 11:44 . 2009-08-20 11:44 58880 c:\windows\temp01\helper.exe + 2009-08-20 10:08 . 2009-08-20 10:08 18944 c:\windows\temp01\DiscWriter.dll + 2009-08-20 10:46 . 2009-08-20 10:46 39936 c:\windows\temp01\dfrgsnap.dll + 2009-08-20 10:46 . 2009-08-20 10:46 55808 c:\windows\temp01\dfrgres.dll + 2009-08-20 14:20 . 2009-08-20 14:20 25088 c:\windows\temp01\defrag.exe + 2009-08-20 11:44 . 2009-08-20 11:44 27136 c:\windows\temp01\ddrawex.dll + 2009-08-20 10:41 . 2009-08-20 10:41 31744 c:\windows\temp01\CONTEX~1.DLL + 2009-08-20 11:41 . 2009-08-20 11:41 17408 c:\windows\temp01\browserdirprovider.dll + 2009-08-20 10:04 . 2009-08-20 10:04 29184 c:\windows\temp01\batmeter.dll + 2009-08-20 10:09 . 2009-08-20 10:09 49152 c:\windows\temp01\ashWsFtr.dll + 2009-08-20 10:41 . 2009-08-20 10:41 69632 c:\windows\temp01\ashShell.dll + 2009-08-20 10:09 . 2009-08-20 10:09 53248 c:\windows\temp01\AhResWS.dll + 2009-08-20 21:25 . 2009-08-20 21:25 16384 c:\windows\TEMP\Perflib_Perfdata_d0.dat + 2009-08-20 20:50 . 2009-08-20 20:50 6656 c:\windows\temp01\wuauserv.dll + 2009-08-20 10:16 . 2009-08-20 10:16 8704 c:\windows\temp01\qfaservices.dll + 2009-08-20 18:08 . 2009-08-20 18:08 5632 c:\windows\temp01\kbdus.dll + 2009-08-20 21:04 . 2009-08-20 21:04 3584 c:\windows\temp01\icmp.dll + 2009-08-20 11:43 . 2009-08-20 11:43 121856 c:\windows\temp01\xmllite.dll + 2009-08-20 20:55 . 2009-08-20 20:55 316416 c:\windows\temp01\wucltui.dll + 2009-08-20 10:04 . 2009-08-20 10:04 133632 c:\windows\temp01\WPDShServiceObj.dll + 2009-08-20 20:55 . 2009-08-20 20:55 156672 c:\windows\temp01\wmipcima.dll + 2009-08-20 10:09 . 2009-08-20 10:09 222720 c:\windows\temp01\wmasf.dll + 2009-08-20 10:09 . 2009-08-20 10:09 124928 c:\windows\temp01\wiadss.dll + 2009-08-20 10:04 . 2009-08-20 10:04 236544 c:\windows\temp01\webcheck.dll + 2009-08-20 20:50 . 2009-08-20 20:50 102400 c:\windows\temp01\VESSuPerform.dll + 2009-08-20 20:50 . 2009-08-20 20:50 266240 c:\windows\temp01\VESPowerMgr.dll + 2009-08-20 10:04 . 2009-08-20 10:04 122368 c:\windows\temp01\stobject.dll + 2009-08-20 10:16 . 2009-08-20 10:16 131072 c:\windows\temp01\ssl3.dll + 2009-08-20 11:42 . 2009-08-20 11:42 134144 c:\windows\temp01\sqmapi.dll + 2009-08-20 10:16 . 2009-08-20 10:16 253952 c:\windows\temp01\softokn3.dll + 2009-08-20 10:16 . 2009-08-20 10:16 106496 c:\windows\temp01\smime3.dll + 2009-08-20 10:41 . 2009-08-20 10:41 126464 c:\windows\temp01\RarExt.dll + 2009-08-20 10:08 . 2009-08-20 10:08 102400 c:\windows\temp01\PseProxy.exe + 2009-08-20 10:04 . 2009-08-20 10:04 166912 c:\windows\temp01\PortableDeviceTypes.dll + 2009-08-20 10:04 . 2009-08-20 10:04 284160 c:\windows\temp01\PortableDeviceApi.dll + 2009-08-20 10:09 . 2009-08-20 10:09 249856 c:\windows\temp01\odbc32.dll + 2009-08-20 10:16 . 2009-08-20 10:16 294912 c:\windows\temp01\nssckbi.dll + 2009-08-20 10:16 . 2009-08-20 10:16 155648 c:\windows\temp01\nspr4.dll + 2009-08-20 10:16 . 2009-08-20 10:16 139264 c:\windows\temp01\nsldap32v50.dll + 2009-08-20 20:57 . 2009-08-20 20:57 281600 c:\windows\temp01\mstask.dll + 2009-08-20 10:44 . 2009-08-20 10:44 272896 c:\windows\temp01\mscoree.dll + 2009-08-20 10:46 . 2009-08-20 10:46 174080 c:\windows\temp01\mmcbase.dll + 2009-08-20 20:55 . 2009-08-20 20:55 235008 c:\windows\temp01\metrics-ff3.dll + 2009-08-20 10:44 . 2009-08-20 10:44 184320 c:\windows\temp01\IUserCnv.dll + 2009-08-20 10:45 . 2009-08-20 10:45 102400 c:\windows\temp01\iTunesMiniPlayer.dll + 2009-08-20 10:43 . 2009-08-20 10:43 306688 c:\windows\temp01\IsUninst.exe + 2009-08-20 10:44 . 2009-08-20 10:44 274432 c:\windows\temp01\IScrCnv.dll + 2009-08-20 10:44 . 2009-08-20 10:44 200704 c:\windows\temp01\iGdiCnv.dll + 2009-08-20 11:42 . 2009-08-20 11:42 164352 c:\windows\temp01\ieui.dll + 2009-08-20 11:42 . 2009-08-20 11:42 246272 c:\windows\temp01\ieproxy.dll + 2009-08-20 11:43 . 2009-08-20 11:43 184320 c:\windows\temp01\iepeers.dll + 2009-08-20 10:09 . 2009-08-20 10:09 146944 c:\windows\temp01\hotplug.dll + 2009-08-20 10:16 . 2009-08-20 10:16 143360 c:\windows\temp01\fullsoft.dll + 2009-08-20 10:16 . 2009-08-20 10:16 200704 c:\windows\temp01\freebl3.dll + 2009-08-20 11:42 . 2009-08-20 11:42 159744 c:\windows\temp01\FlashGot.exe + 2009-08-20 11:41 . 2009-08-20 11:41 302080 c:\windows\temp01\firefox.exe + 2009-08-20 10:08 . 2009-08-20 10:08 143744 c:\windows\temp01\Fastfat.SYS + 2009-08-20 11:44 . 2009-08-20 11:44 216064 c:\windows\temp01\dxtrans.dll + 2009-08-20 11:44 . 2009-08-20 11:44 348160 c:\windows\temp01\dxtmsft.dll + 2009-08-20 20:55 . 2009-08-20 20:55 138752 c:\windows\temp01\dssenh.dll + 2009-08-20 10:46 . 2009-08-20 10:46 124416 c:\windows\temp01\dfrgui.dll + 2009-08-20 10:46 . 2009-08-20 10:46 105472 c:\windows\temp01\dfrgntfs.exe + 2009-08-20 10:42 . 2009-08-20 10:42 139264 c:\windows\temp01\CtxMenu.dll + 2009-08-20 10:03 . 2009-08-20 10:03 337920 c:\windows\temp01\cscui.dll + 2009-08-20 10:03 . 2009-08-20 10:03 102912 c:\windows\temp01\cscdll.dll + 2009-08-20 20:50 . 2009-08-20 20:50 336896 c:\windows\temp01\contactsUX.dll + 2009-08-20 10:44 . 2009-08-20 10:44 226304 c:\windows\temp01\catsrv.dll + 2009-08-20 11:42 . 2009-08-20 11:42 129024 c:\windows\temp01\brwsrcmp.dll + 2009-08-20 10:08 . 2009-08-20 10:08 180224 c:\windows\temp01\Bib.dll + 2009-08-20 10:08 . 2009-08-20 10:08 151552 c:\windows\temp01\AXE8SharedExpat.dll + 2009-08-20 10:09 . 2009-08-20 10:09 276992 c:\windows\temp01\audiodev.dll + 2009-08-20 10:08 . 2009-08-20 10:08 245760 c:\windows\temp01\Asn.er.dll + 2009-08-20 10:08 . 2009-08-20 10:08 186368 c:\windows\temp01\ARE.dll + 2009-08-20 10:43 . 2009-08-20 10:43 245248 c:\windows\temp01\acspecfc.dll + 2009-08-20 20:50 . 2009-08-20 20:50 217088 c:\windows\temp01\acrotray.exe + 2009-08-20 10:44 . 2009-08-20 10:44 176128 c:\windows\temp01\_ISUSER.DLL + 2009-08-20 10:44 . 2009-08-20 10:44 339968 c:\windows\temp01\_ISRES.DLL + 2005-03-07 18:12 . 2009-08-20 20:49 301232 c:\windows\system32\FNTCACHE.DAT . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Regedit32"="c:\windows\system32\regedit.exe" [bU] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040] "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk] backup=c:\windows\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2008 12:42 114768] R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2008 12:42 20560] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-20 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: sony-europe.com Trusted Zone: sonystyle-europe.com Trusted Zone: vaio-link.com FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\ FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-20 23:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\beep.sys 29184 bytes executable c:\windows\system32\wisdstr.exe 190539 bytes executable c:\windows\system32\braviax.exe 11264 bytes executable scan completed successfully hidden files: 3 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(900) c:\windows\system32\VESWinlogon.dll - - - - - - - > 'explorer.exe'(4368) c:\program files\MessengerPlus! 3\MsgPlusLoader.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\eappprxy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Glary Utilities\Integrator.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\ApntEx.exe c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe c:\windows\system32\braviax.exe c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-08-20 23:37 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-20 21:37 ComboFix2.txt 2009-08-20 10:03 Pre-Run: 11 755 982 848 octets libres Post-Run: 11 599 413 248 octets libres 471 --- E O F --- 2009-08-18 12:20

bonsoir, le lien que tu m'as fourni a expiré. Pourrais tu me le renvoyer?

Bonjour, après plusieurs essais infructueux, voici le rapport Combofix ComboFix 09-08-19.04 - Cub 20/08/2009 11:44.5.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.100 [GMT 2:00] Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: avast! antivirus 4.8.1335 [VPS 090819-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\bufujyhy.pif c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\inyvucy.bat c:\program files\PC_Antispyware2010 c:\program files\PC_Antispyware2010\AVEngn.dll c:\program files\PC_Antispyware2010\data\daily.cvd c:\program files\PC_Antispyware2010\htmlayout.dll c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe c:\program files\PC_Antispyware2010\pthreadVC2.dll c:\program files\PC_Antispyware2010\Uninstall.exe c:\program files\PC_Antispyware2010\wscui.cpl c:\windows\system32\_scui.cpl c:\windows\system32\braviax.exe c:\windows\system32\wisdstr.exe . ((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 ))))))))))))))))))))))))))))))) . 2009-08-20 09:40 . 2009-08-20 09:40 18446 ----a-w- c:\windows\fyju.dat 2009-08-20 09:40 . 2009-08-20 09:40 17600 ----a-w- c:\windows\system32\qofy.dat 2009-08-20 09:40 . 2009-08-20 09:40 17473 ----a-w- c:\program files\Fichiers communs\qabemalo.exe 2009-08-20 09:40 . 2009-08-20 09:40 14927 ----a-w- c:\program files\Fichiers communs\tulymi.vbs 2009-08-20 09:40 . 2009-08-20 09:40 13748 ----a-w- c:\windows\syxu.scr 2009-08-20 09:40 . 2009-08-20 09:40 12173 ----a-w- c:\windows\sazocewyw.bin 2009-08-20 09:40 . 2009-08-20 09:40 11302 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ketufat.sys 2009-08-20 09:40 . 2009-08-20 09:40 11180 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\idegasuba.pif 2009-08-20 09:39 . 2009-08-20 09:39 -------- d-----w- C:\PC_Antispyware2010 2009-08-19 14:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-19 14:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-19 14:24 . 2009-08-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira 2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild 2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies 2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-15 12:14 . 2009-08-20 09:58 -------- d-----w- c:\windows\temp01 2009-08-14 15:05 . 2009-08-14 15:05 3584 ----a-w- c:\windows\system32\drivers\xagnnt07j31.sys 2009-08-14 15:05 . 2009-08-14 14:57 50688 ----a-w- c:\windows\rts.exe 2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft 2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys 2009-08-13 18:36 . 2004-08-05 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys 2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes 2009-08-13 17:23 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll 2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys 2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll 2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe 2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe 2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll 2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe 2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll 2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll 2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll 2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll 2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll 2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe 2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll 2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL 2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll 2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll 2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll 2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll 2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll 2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6 2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com 2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys 2009-08-02 13:21 . 2009-08-18 12:28 -------- d-----w- c:\program files\Championship Manager 01-02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-20 09:40 . 2009-08-20 09:40 18750 ----a-w- c:\documents and settings\LocalService\Application Data\hexifa.vbs 2009-08-20 09:40 . 2009-08-20 09:40 18006 ----a-w- c:\program files\Fichiers communs\vupexaf.dl 2009-08-20 09:40 . 2009-08-20 09:40 12650 ----a-w- c:\documents and settings\All Users\Application Data\hyzaxi.dat 2009-08-20 09:40 . 2009-08-20 09:40 11848 ----a-w- c:\program files\Fichiers communs\vexido.dl 2009-08-20 09:40 . 2009-08-20 09:40 10587 ----a-w- c:\documents and settings\All Users\Application Data\okumeco.dat 2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO 2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo! 2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD 2009-08-17 19:03 . 2008-04-13 19:15 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt 2009-08-17 16:05 . 2005-03-07 09:05 91524 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-17 16:05 . 2005-03-07 09:05 522440 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-16 21:05 . 2005-09-10 13:43 75768 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-15 12:37 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus 2009-08-10 22:01 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus 2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter 2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule 2009-07-03 16:57 . 2005-03-07 09:05 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe 2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65 2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe 2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll 2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269] "rts"="c:\windows\rts.exe" [2009-08-14 50688] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040] "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk] backup=c:\windows\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2008 12:42 114768] R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2008 12:42 20560] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784] R2 xagnnt07j31;xagnnt07j31;c:\windows\system32\drivers\xagnnt07j31.sys [14/08/2009 17:05 3584] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-20 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01] . - - - - ORPHANS REMOVED - - - - HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: sony-europe.com Trusted Zone: sonystyle-europe.com Trusted Zone: vaio-link.com FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\ FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-20 11:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(916) c:\windows\system32\VESWinlogon.dll . Completion time: 2009-08-20 12:03 ComboFix-quarantined-files.txt 2009-08-20 10:03 Pre-Run: 10 815 430 656 octets libres Post-Run: 10 817 142 784 octets libres 288 --- E O F --- 2009-08-18 12:20

Ok merci je vais essayer ca et je posterai le rapport combofix

Merci de ta réponse, mais Combofix ne fonctionne pas: une fois que je l'ai lancé, il se bloque toujours au même moment: il va jusqu'à: Deleting Files: C:\WINDOWS\system32\braviax.exe C:\WINDOWS\system32\DelSelf.bat C:\WINDOWS\system32\wisdstr.exe Et là il bloque. J'ai testé en mode normal et en mode sans échec. Que puis je faire pour que Combofix aille jusqu'au bout?

Bonjour à tous, Je suis nouveau sur le forum. Voici la raison de mon inscription: Mon PC portable est infecté depuis quelques jours par plusieurs virus dont braviax. J'ai tenté d'y remédier par des scans avec Malwarebyte (qui supprime bien les fichiers infectés, mais lors du redémarrage proposé, impossible de revenir sous Windows, l'ordinateur redémarre,), Trojan Remover, et de supprimer manuellement les fichiers en cause. Tant que je ne suis pas connecté à Internet, les virus semblent avoir disparus, mais dès que je me reconnecte, Avast me signale que l'ordinateur est toujours infecté. Y aurait il quelqu'un qui serait en mesure de m'aider? Merci d'avance PS: en recherchant su le net, j'ai vu qu'un rapport HijackThis pouvait être utile, je l'inclus donc dans le message suivant. Le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:23:26, on 19/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ICO.EXE C:\Program Files\Apoint\Apntex.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Search Settings\SearchSettings.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\rts.exe C:\windows\ld12.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Documents and Settings\Cub\Bureau\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM') O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user') O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user') O4 - Startup: ikowin32.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://el-cub.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126363648660 O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 11907 bytes