
Posted

Impossible to delete it.

It tells me the file is open in another program,

or that I do not have permission, even though I am in administrator mode.

Posted

I'm sorry, but I admit I'm out of my depth, and with Vista, which I don't know, I'm afraid of making blunders!! I'll ask a friend to come and help you, but I can't promise anything; ask other members for help on your side as well.

Sorry!

Posted

You've already helped me a lot, thank you very much :P

I have to leave now, I'm expected at a birthday party, and I don't want to arrive late to the fiesta!!!

Have a good evening

Posted

Hi to both of you :P

Here is the next set of steps >

1) Start by disabling UAC if it isn't already done >

http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

2) Go to this page to download the CFScript file > http://www.sendspace.com/file/j9n2m0

To do so, click the link at the bottom of the page > Download Link: CFScript

  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not appear, it is located here > C:\ComboFix.txt

3) Make sure the ActiveX controls are properly configured in Internet Options, as described at this link => Cybersécurité

  • Run a Kaspersky online scan
  • Click Accept
  • A yellow bar will ask whether you accept the installation of Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will be installed; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose Desktop, name the report "rapport Kaspersky", and in the save-as-type field choose "text files", then save the report.

Copy/paste the entire contents of the text file that opens: right-click on it, then Select All/Copy.

Paste this report in your reply on the forum.

Help in case of problems: Cybersécurité

NOTE: The scan must be done with Internet Explorer.

Posted

Hello Thanos,

Thank you for your help.

Here is the report:

---------------------------------------------------------------------------------------------------------------

 

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, February 25, 2008 6:27:36 PM

Operating System: Microsoft Windows Vista Home Edition, (Build 6000)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 25/02/2008

Kaspersky Anti-Virus database records: 580051

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

F:\

G:\

H:\

I:\

J:\

 

Scan Statistics:

Total number of scanned objects: 84833

Number of viruses found: 3

Number of infected objects: 7

Number of suspicious objects: 0

Duration of the scan process: 01:05:29

 

Infected Object Name / Virus Name / Last Action

C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc69816d90388ccddd306c20e5b34654_192024c0-460d-4b2f-8466-9717c5e49b6b Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce0342c240ad55dd89fbf597318e4036_fc8543c6-9b25-44fe-8d6a-24566b9957e3 Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2463a2926adde5e1d212be1624d92b8_fc8543c6-9b25-44fe-8d6a-24566b9957e3 Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eca2d771bc083698767e081b57df53d6_fc8543c6-9b25-44fe-8d6a-24566b9957e3 Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.119.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.119.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010006.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010007.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010008.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010009.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000B.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000C.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000E.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010010.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010012.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010012.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010012.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010013.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010014.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010015.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010016.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010017.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010018.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010019.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001B.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001C.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001E.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010020.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010021.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010022.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010024.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010025.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010028.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010029.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01002B.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy177.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA36F.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA370.tmp Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\20156F6C.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\8385378C.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\9F0C6565.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped

C:\QooBox\Quarantine\catchme2008-02-24_212343.52.zip/andt.sys Infected: Trojan-Downloader.Win32.Delf.evt skipped

C:\QooBox\Quarantine\catchme2008-02-24_212343.52.zip/Indt2.sys Infected: not-a-virus:AdWare.Win32.VB.bh skipped

C:\QooBox\Quarantine\catchme2008-02-24_212343.52.zip/ndt2.sys Infected: Trojan-Downloader.Win32.Delf.evt skipped

C:\QooBox\Quarantine\catchme2008-02-24_212343.52.zip ZIP: infected - 3 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022520080226\index.dat Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\UsrClass.dat{00f9827a-6e8b-11dc-8bf2-001921588781}.TM.blf Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\UsrClass.dat{00f9827a-6e8b-11dc-8bf2-001921588781}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\neojunior\AppData\Local\Microsoft\Windows\UsrClass.dat{00f9827a-6e8b-11dc-8bf2-001921588781}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\neojunior\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\neojunior\ntuser.dat Object is locked skipped

C:\Users\neojunior\ntuser.dat.LOG1 Object is locked skipped

C:\Users\neojunior\ntuser.dat.LOG2 Object is locked skipped

C:\Users\neojunior\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\neojunior\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\neojunior\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\components Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\default Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\sam Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\security Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\software Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\system Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5JCW1EXH\index[1].htm Infected: Trojan-Downloader.JS.IstBar.ai skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5JCW1EXH\w[1].bin Infected: Trojan-Downloader.Win32.Delf.evt skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T95W2Q7H\discover[1].exe Infected: not-a-virus:AdWare.Win32.VB.bh skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

Posted

Hi,

The Kaspersky scan report shows that the infection has indeed been eradicated (it is in ComboFix's quarantine, so inactive).

That said, re-read my post carefully: you forgot to post the C:\ComboFix.txt report.

It's important in order to see whether everything has been cleaned properly.

See you later :P
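The reasoning in the reply above (a detection inside ComboFix's quarantine is inert; one anywhere else needs a look) can be applied mechanically to a report in the format posted earlier. The following Python triage is an added example, not code from the thread, Kaspersky or ComboFix; it assumes the quarantine folder `C:\QooBox\Quarantine` seen in the posted report, and its sample lines are constructed in that report's line format.

```python
"""Triage a Kaspersky Online Scanner 5.x report of the kind posted above.

Added example, not code from the thread, Kaspersky or ComboFix. It splits
the 'Object is locked skipped' noise from 'Infected:' detections and flags
detections outside the ComboFix quarantine (C:\\QooBox\\Quarantine, the
path visible in the posted report) for review.
"""
import re
from dataclasses import dataclass

# Constructed sample in the same line format as the posted report
# (a few representative lines, not the full report).
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\Boot\\BCD Object is locked skipped
C:\\ProgramData\\Symantec\\SPBBC\\BBConfig.log Object is locked skipped
C:\\QooBox\\Quarantine\\catchme2008-02-24_212343.52.zip/andt.sys Infected: Trojan-Downloader.Win32.Delf.evt skipped
C:\\QooBox\\Quarantine\\catchme2008-02-24_212343.52.zip/Indt2.sys Infected: not-a-virus:AdWare.Win32.VB.bh skipped
C:\\QooBox\\Quarantine\\catchme2008-02-24_212343.52.zip ZIP: infected - 2 skipped
C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T95W2Q7H\\discover[1].exe Infected: not-a-virus:AdWare.Win32.VB.bh skipped

Scan process completed.
"""

# ComboFix moves what it removes here; a detection under this prefix is inert.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# One regex per result-line shape used by this report format.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>[A-Z0-9]+): infected - (?P<count>\d+) skipped$")


@dataclass(frozen=True)
class Finding:
    path: str          # object path as printed; archive members follow a '/'
    name: str          # detection name, e.g. Trojan-Downloader.Win32.Delf.evt
    quarantined: bool  # True when the object sits under the ComboFix quarantine
    riskware: bool     # True for Kaspersky's 'not-a-virus:' class (adware/riskware)


def is_quarantined(path: str) -> bool:
    return path.lower().startswith(QUARANTINE_PREFIX)


def parse_report(text: str) -> dict:
    """Classify every result line; headers, blanks and unknown lines are ignored."""
    locked = 0
    findings = []
    archives = []  # (archive path, infected member count) summary lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED_RE.match(line):
            locked += 1
            continue
        m = INFECTED_RE.match(line)
        if m:
            path, name = m.group("path"), m.group("name")
            findings.append(Finding(path, name, is_quarantined(path),
                                    name.startswith("not-a-virus:")))
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            archives.append((m.group("path"), int(m.group("count"))))
    return {"locked": locked, "findings": findings, "archives": archives}


def triage(text: str) -> dict:
    """Apply the helper's reasoning: quarantined detections are inert, others need review."""
    parsed = parse_report(text)
    quarantined = [f for f in parsed["findings"] if f.quarantined]
    live = [f for f in parsed["findings"] if not f.quarantined]
    if live:
        verdict = f"review needed: {len(live)} detection(s) outside quarantine"
    elif quarantined:
        verdict = "clean: all detections are inside the ComboFix quarantine"
    else:
        verdict = "clean: no detections"
    return {"locked_skipped": parsed["locked"], "quarantined": quarantined,
            "live": live, "archives": parsed["archives"], "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["verdict"])
    for f in result["live"]:
        print("  ", f.path, "->", f.name)
```

On the constructed sample the browser-cache detection sits outside the quarantine, so the verdict asks for review rather than declaring the machine clean.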

Posted

ComboFix 08-02-23.2 - neojunior 2008-02-25 19:48:54.4 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.508 [GMT 1:00]

Endroit: D:\Mes Documents\téléchargements\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate

C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE

C:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL

C:\Program Files\Symantec\LiveUpdate\Lisezmoi.txt

C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE

C:\Program Files\Symantec\LiveUpdate\LUALL.EXE

C:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LUCheck.exe

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE

C:\Program Files\Symantec\LiveUpdate\ludirloc.dat

C:\Program Files\Symantec\LiveUpdate\LUINFO.INF

C:\Program Files\Symantec\LiveUpdate\LUInit.exe

C:\Program Files\Symantec\LiveUpdate\LUInit.ini

C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL

C:\Program Files\Symantec\LiveUpdate\LuInsRes.dll

C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL

C:\Program Files\Symantec\LiveUpdate\LuResult.txt

C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE

C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\MFC71.DLL

C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL

C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL

C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_2.DLL

C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe

C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL

C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL

C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUCP2.CPL

C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL

C:\Program Files\Symantec\LiveUpdate\Settings.Default.LiveUpdate

C:\Program Files\Symantec\LiveUpdate\SETUPRES.DLL

C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe

C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log

C:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll

C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

C:\Program Files\Symantec\S32EVNT1.DLL

C:\Windows\System32\andt.sys

C:\Windows\System32\Indt2.sys

C:\Windows\System32\ndt2.sys

C:\Windows\System32\routing.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\Planificateur LiveUpdate automatique

 

 

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-25 18:45 --------- d-----w C:\PROGRA~2\Symantec

2008-02-25 12:09 --------- d-----w C:\PROGRA~2\Google Updater

2008-02-24 20:31 --------- d-----w C:\PROGRA~2\Kaspersky Lab

2008-02-24 12:30 --------- d-----w C:\Program Files\Lavalys

2008-02-24 11:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-02-24 11:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-02-24 11:43 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-02-24 11:43 --------- d-----w C:\Program Files\Norton Internet Security

2008-02-24 11:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-23 18:21 --------- d-----w C:\Program Files\adslTV

2008-02-23 16:47 --------- d-----w C:\Program Files\Hijackthis Version Française

2008-02-23 13:49 --------- d-----w C:\Program Files\Panda Security

2008-02-23 12:14 --------- d-----w C:\Users\neojunior\AppData\Roaming\Download Manager

2008-02-23 10:30 --------- d-----w C:\Users\neojunior\AppData\Roaming\Azureus

2008-02-19 19:43 --------- d-----w C:\Program Files\IncrediMail

2008-02-18 15:55 --------- d-----w C:\Program Files\FpTest

2008-02-17 14:58 --------- d-----w C:\Users\neojunior\AppData\Roaming\dvdcss

2008-02-16 17:28 --------- d-----w C:\PROGRA~2\DVD Shrink

2008-02-16 17:27 --------- d-----w C:\Program Files\DVD Shrink

2008-02-16 08:03 --------- d-----w C:\Program Files\Google

2008-02-13 16:49 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 16:48 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-13 16:48 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-13 16:48 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-13 16:48 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-13 16:48 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-13 16:48 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-13 16:48 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-13 16:46 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 16:46 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 16:46 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 16:46 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 16:46 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-13 16:46 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 16:46 --------- d-----w C:\PROGRA~2\Microsoft Help

2008-02-13 16:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-08 19:19 --------- d-----w C:\Users\neojunior\AppData\Roaming\Todae

2008-02-07 18:50 --------- d-----w C:\Users\neojunior\AppData\Roaming\XnView

2008-02-07 18:28 --------- d-----w C:\Program Files\XnView

2008-02-03 21:06 --------- d-----w C:\Program Files\Planestate

2008-02-01 19:07 --------- d-----w C:\Users\neojunior\AppData\Roaming\vlc

2008-02-01 18:44 --------- d-----w C:\Program Files\HomePlayer1.5.3.1

2008-02-01 18:39 --------- d-----w C:\Program Files\Freeplayer

2008-01-20 12:43 --------- d-----w C:\Program Files\Alwil Software

2008-01-19 10:56 --------- d-----w C:\Users\neojunior\AppData\Roaming\LimeWire

2008-01-17 15:49 --------- d-----w C:\PROGRA~2\IM

2008-01-17 15:48 --------- d-----w C:\PROGRA~2\IncrediMail

2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-01-13 13:59 --------- d-----w C:\Program Files\Common Files\MAGIX Shared

2008-01-13 13:58 --------- d-----w C:\Program Files\MAGIX

2008-01-13 13:58 --------- d-----w C:\PROGRA~2\MAGIX

2008-01-12 23:23 --------- d-----w C:\Users\neojunior\AppData\Roaming\Media Player Classic

2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-01-09 05:28 --------- d-----w C:\Program Files\Windows Mail

2008-01-09 05:24 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-01-09 05:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-01-09 05:23 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-06 10:14 --------- d-----w C:\Program Files\DivX

2008-01-06 09:54 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-01-04 19:25 --------- d-----w C:\Program Files\Azureus

2008-01-03 20:02 --------- d-----w C:\Program Files\Foxit Software

2008-01-03 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-03 16:48 --------- d-----w C:\Program Files\eBay

2008-01-03 16:48 --------- d-----w C:\PROGRA~2\eBay

2008-01-02 22:29 --------- d-----w C:\Program Files\Picasa2

2008-01-02 22:29 --------- d-----w C:\Program Files\Microsoft Works

2008-01-02 22:29 --------- d-----w C:\Program Files\Microsoft Picture It! 9

2008-01-02 22:29 --------- d-----w C:\PROGRA~2\Ulead Systems

2008-01-02 15:46 --------- d-----w C:\Users\neojunior\AppData\Roaming\Symantec

2007-12-29 14:09 --------- d-----w C:\PROGRA~2\Azureus

2007-09-15 11:24 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"????r"="" []

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 15:24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-15 12:32 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]

"eRecoveryService"="" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28 81920]

"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-15 15:27 185632]

"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-15 15:24:16 126136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"mt"= SVVH0ST.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CBA664D7-7845-4748-A78F-A801EA076BBF}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

"{88ECF735-BA95-4C4C-B1DD-F8A0505D0210}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

"{BDE6C266-D4E0-412E-8BDC-137FDAFD962D}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess

"{95A589C8-AC04-4F93-BBA6-CFE965C0573A}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess

"{9357837E-EEB8-4804-AEE7-FBB2A61280F4}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess

"{6539D799-7174-4EA6-AFEC-7E368AF33207}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess

"{3644AAC3-5A91-49CD-AFF0-3574437F4077}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess

"{BDD9BF01-7BE7-4893-B26C-DBF76962231A}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess

"{D107C740-DFB4-4E00-9C4E-0465AC8388A5}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA

"{E2EC3638-EB6F-463F-AD0E-8C6100D6E4DD}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA

"{582B234A-2EDA-4496-ACF3-432D2680BA55}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{1E8DF448-EECC-4757-A187-477D0F6DE5E3}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{A6AF243E-3A6B-476B-B97E-9AF101C48F03}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|

"{688C1D77-79C3-4CCB-A2B3-A4DAC6791371}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

"{3ABDB307-A8DB-4B39-BEA8-28F597BF19D9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{BF57F5F5-4216-4471-83B5-319650D4EC95}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{2B8925AA-D197-49A0-A5A0-66473832B174}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{12D966A4-5EA8-4E2B-BDAD-599F380EBDB2}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{47D9AE8D-E94B-4205-B349-72D36033631A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{456FA2CD-7B28-44FB-B342-668BC32B915F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"TCP Query User{5B2644DC-0EB4-4001-95FD-EA332A9FAC4D}C:\program files\adsltv\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"UDP Query User{E5145B18-140E-4C7B-8902-FAE3507AAC88}C:\program files\adsltv\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"TCP Query User{A761E0BD-53AC-48DC-9FB2-6124ADC088E6}C:\program files\adsltv\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"UDP Query User{69F4105D-B29D-468F-BF35-4E813984EAFA}C:\program files\adsltv\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"TCP Query User{4E014A16-CF61-4839-8A80-61D6FEB4F738}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"UDP Query User{FAE9906E-C9EC-471E-8588-DC6F02D6BAE7}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"TCP Query User{17D2B551-462C-427F-ABF1-F4D4840C1096}C:\program files\homeplayer1.5.1.2\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer|Desc=HomePlayer

"UDP Query User{CBED141E-B8AF-40F0-AF06-2A094E08CFAB}C:\program files\homeplayer1.5.1.2\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer|Desc=HomePlayer

"TCP Query User{D4773AAF-C287-489A-9E1D-2DBE748A83A1}C:\program files\freeplayer\vlc\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player

"UDP Query User{734EEDCA-77C9-4529-A14F-B4252901E386}C:\program files\freeplayer\vlc\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player

"TCP Query User{91D6016E-B905-409D-A49E-BE688931C1FE}C:\program files\adsltv\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"UDP Query User{0602E324-C378-44F0-8459-97D2B75B9961}C:\program files\adsltv\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"TCP Query User{9DE06431-B0F9-4185-93F6-68E930F68578}C:\program files\adsltv\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"UDP Query User{68B44CD2-2E9F-4E02-A917-132CEF23ED7D}C:\program files\adsltv\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"TCP Query User{75D46E29-2BB6-4CC0-83BE-7C0808338EFD}C:\program files\homeplayer1.5.3.1\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.3.1\homeplayer.exe:HomePlayer|Desc=HomePlayer

"UDP Query User{12778A4F-6E32-49F1-8CB0-5581ABF5AD0B}C:\program files\homeplayer1.5.3.1\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.3.1\homeplayer.exe:HomePlayer|Desc=HomePlayer

"TCP Query User{04674E89-3B87-4197-B2CD-76654BE18266}C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe"= UDP:C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe|Desc=octoshapeclient.exe

"UDP Query User{1F28E1CC-9C76-4FE3-822A-BC17A3825189}C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe"= TCP:C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe|Desc=octoshapeclient.exe

"TCP Query User{9BB719DD-A684-4E9F-831B-7F4F4FE50566}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"UDP Query User{99926E98-E439-462B-844B-4FBAA0AD0646}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"{B93315E9-0135-4F63-96FC-27F5BD8D027B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{D9BA60C0-E478-49EA-8941-B317F822AFF1}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{EDE27E2E-871B-4898-A304-9399356EC617}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{F3653967-1DC0-4C23-8AAE-2D24ADF3B1AC}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{87B2A954-D809-47FB-BA00-C6CBC81CD1A3}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{6DA01B39-CAEA-4E39-9A74-4B49B06170A9}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080221.003\IDSvix86.sys [2008-02-14 02:51]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 06:46]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\start.exe /checksection

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\shell\AutoRun\command - K:\start.exe /checksection

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-24 20:21:15 C:\Windows\Tasks\At1.job"

- C:\Windows\system32\kmd.exe%/d /c start C:\ComboFix\sYs.bat /\c@

"2008-02-24 11:41:05 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - neojunior.job"

Posted

Hi :P

 

Things are looking better, catemic :P

 

We are going to remove the remaining traces from the registry, like this >

 

1) Start HijackThis, click "Do a system scan only", and tick the following lines:

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

O1 - Hosts: 82.98.86.172 incridimail.com

O1 - Hosts: 210.72.13.14 lxszn.com

 

O4 - HKLM\..\Policies\Explorer\Run: [mt] SVVH0ST.EXE

 

- Close all programs and click "Fix Checked"

 

2) Go to this page to download the CFScript file > http://www.sendspace.com/file/41uak7

to do so, click the link at the bottom of the page > Download Link: CFScript

  • Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot
    [screenshot: CFScript.gif]
  • Wait for the scan to finish. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will appear: post its contents.
  • If the file doesn't appear, it is located here > C:\ComboFix.txt

Post the ComboFix report (above all, don't run ComboFix without the script). :P
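The reply above picks a handful of lines out of a long ComboFix report: UAC switched off (EnableLUA = 0), the firewall off in every profile (EnableFirewall = 0), a policies\explorer\run entry pointing at SVVH0ST.EXE (a name one letter and one digit away from svchost.exe, with no directory, so it is resolved through the search path), AutoRun commands on the E: and K: drives, a newly created service, and an At1.job task whose command line runs a batch file through kmd.exe (itself one letter away from cmd.exe). The following Python script, added here as an example and not part of the original post or of ComboFix itself, parses a report in that format and flags exactly those indicator classes, so the same triage can be repeated on the next report rather than read by eye. The sample report is constructed from the lines quoted in the thread; the short list of legitimate Windows binary names and the one-edit lookalike threshold are assumptions.

```python
"""Triage of a ComboFix-style report for the indicators the reply above acts on.
Added example: not part of the original post and not ComboFix's own logic.  Section
names and line shapes follow the report quoted in the thread; the sample is constructed."""
import re

# Windows binaries malware file names commonly imitate (assumption: enough for triage).
LEGIT_NAMES = ("svchost.exe", "cmd.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe")

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
JOB_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<path>.*\.job)"$')
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js)\b", re.I)
EXE_RE = re.compile(r"[\w:\\.\-]+\.exe", re.I)

# Constructed sample: lines ComboFix printed in the thread, reduced to the relevant sections.
SAMPLE_REPORT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mt"= SVVH0ST.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\start.exe /checksection
*Newly Created Service* - COMHOST
"2008-02-24 20:21:15 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe%/d /c start C:\ComboFix\sYs.bat /\c@
'''


def edit_distance(a, b):
    """Levenshtein distance with unit costs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(path):
    """Legitimate binary the base name imitates, or None.  Lower-cases the name, undoes the
    usual digit-for-letter swaps (0->o, 1->l, 3->e, 5->s) and allows one edit of slack, so
    SVVH0ST.EXE -> svvhost.exe is one substitution from svchost.exe.  Directory is ignored."""
    base = re.split(r"[\\/]", path)[-1].lower().translate(str.maketrans("0135", "oles"))
    for legit in LEGIT_NAMES:
        if base != legit and edit_distance(base, legit) <= 1:
            return legit
    return None


def parse_report(text):
    """Yield (section, line); section is the last [registry key] or .job header seen."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif (job := JOB_RE.match(line)):
            section = "task:" + re.split(r"[\\/]", job["path"])[-1]
        else:
            yield section, line


def triage(text):
    """Return (kind, subject, detail) findings for one report."""
    findings = []
    for section, line in parse_report(text):
        m = VALUE_RE.match(line)
        name, value = (m["name"], m["value"].strip()) if m else ("", line)
        if line.startswith("*Newly Created Service*"):
            findings.append(("new_service", line.split(" - ", 1)[-1], line))
        elif section.endswith(r"\policies\system") and name == "EnableLUA" and value.startswith("0"):
            findings.append(("uac_disabled", name, value))
        elif "firewallpolicy" in section and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall_disabled", section.rsplit("\\", 1)[-1], value))
        elif section.endswith(r"\policies\explorer\run"):
            findings.append(("policy_run", name, value))  # logon autostart outside the usual Run keys
        elif section.endswith(r"\currentversion\run") and "?" in name:
            findings.append(("run_unreadable_name", name, value))  # '?' = char ComboFix could not render
        elif "mountpoints2" in section and "autorun" in line.lower():
            findings.append(("autorun_command", section.rsplit("\\", 1)[-1].upper() + ":", line.split(" - ", 1)[-1]))
        elif section.startswith("task:") and line.startswith("- "):
            exe = re.split(r"[\s%]", line[2:], maxsplit=1)[0]
            if lookalike_of(exe) or SCRIPT_RE.search(line):
                findings.append(("task_suspicious", section[5:], line[2:]))
        for token in EXE_RE.findall(line):  # any section: a name imitating a Windows binary
            if legit := lookalike_of(token):
                findings.append(("lookalike", token, legit))
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_REPORT), sep="\n")
```

Two caveats when reading its output. A disabled UAC or firewall is a rollback of hardening, but it can also be a step a helper deliberately asked for before running a cleanup tool, so confirm who turned it off before treating it as proof of infection. And the lookalike check only compares file names: a correctly named svchost.exe sitting in the wrong directory passes it, so a real engagement also checks the directory and the file hash.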

Posted (edited)

Hi

thanks a lot for looking into my problem


ComboFix 08-02-23.2 - neojunior 2008-02-26 19:57:03.5 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.355 [GMT 1:00]

Location: D:\Mes Documents\téléchargements\ComboFix.exe

Command switches used :: D:\Mes Documents\téléchargements\CFScript.txt

* Creating a new restore point

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate

C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE

C:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL

C:\Program Files\Symantec\LiveUpdate\Lisezmoi.txt

C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE

C:\Program Files\Symantec\LiveUpdate\LUALL.EXE

C:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LUCheck.exe

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE

C:\Program Files\Symantec\LiveUpdate\ludirloc.dat

C:\Program Files\Symantec\LiveUpdate\LUINFO.INF

C:\Program Files\Symantec\LiveUpdate\LUInit.exe

C:\Program Files\Symantec\LiveUpdate\LUInit.ini

C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL

C:\Program Files\Symantec\LiveUpdate\LuInsRes.dll

C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL

C:\Program Files\Symantec\LiveUpdate\LuResult.txt

C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE

C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\MFC71.DLL

C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL

C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL

C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_2.DLL

C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe

C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL

C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL

C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUCP2.CPL

C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL

C:\Program Files\Symantec\LiveUpdate\Settings.Default.LiveUpdate

C:\Program Files\Symantec\LiveUpdate\SETUPRES.DLL

C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe

C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log

C:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll

C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

C:\Program Files\Symantec\S32EVNT1.DLL

C:\Windows\System32\andt.sys

C:\Windows\System32\Indt2.sys

C:\Windows\System32\ndt2.sys

C:\Windows\System32\routing.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\Planificateur LiveUpdate automatique


((((((((((((((((((((((((((((( Files created from 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))

.

 

No new files created in this time span

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-26 13:09 --------- d-----w C:\PROGRA~2\Google Updater

2008-02-25 19:22 86,094 ----a-w C:\Windows\BPMNT.dll

2008-02-25 19:22 71,749 ----a-w C:\Windows\hcextoutput.dll

2008-02-25 19:22 267,845 ----a-w C:\Windows\tsc.exe

2008-02-25 19:22 1,163,344 ----a-w C:\Windows\vsapi32.dll

2008-02-25 19:20 --------- d-----w C:\PROGRA~2\Symantec

2008-02-24 20:31 --------- d-----w C:\PROGRA~2\Kaspersky Lab

2008-02-24 12:30 --------- d-----w C:\Program Files\Lavalys

2008-02-24 11:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-02-24 11:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-02-24 11:43 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-02-24 11:43 --------- d-----w C:\Program Files\Norton Internet Security

2008-02-24 11:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-23 18:21 --------- d-----w C:\Program Files\adslTV

2008-02-23 16:47 --------- d-----w C:\Program Files\Hijackthis Version Française

2008-02-23 13:49 --------- d-----w C:\Program Files\Panda Security

2008-02-23 12:14 --------- d-----w C:\Users\neojunior\AppData\Roaming\Download Manager

2008-02-23 10:30 --------- d-----w C:\Users\neojunior\AppData\Roaming\Azureus

2008-02-19 19:43 --------- d-----w C:\Program Files\IncrediMail

2008-02-18 15:55 --------- d-----w C:\Program Files\FpTest

2008-02-17 14:58 --------- d-----w C:\Users\neojunior\AppData\Roaming\dvdcss

2008-02-16 17:28 --------- d-----w C:\PROGRA~2\DVD Shrink

2008-02-16 17:27 --------- d-----w C:\Program Files\DVD Shrink

2008-02-16 08:03 --------- d-----w C:\Program Files\Google

2008-02-13 16:49 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 16:49 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 16:46 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 16:46 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-13 16:46 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-13 16:46 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 16:46 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 16:46 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 16:46 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 16:46 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-13 16:46 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 16:46 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-13 16:46 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 16:46 --------- d-----w C:\PROGRA~2\Microsoft Help

2008-02-13 16:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 16:45 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 16:45 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 16:45 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 16:45 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 16:45 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 16:45 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-13 16:43 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 16:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 16:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 16:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-08 19:19 --------- d-----w C:\Users\neojunior\AppData\Roaming\Todae

2008-02-07 18:50 --------- d-----w C:\Users\neojunior\AppData\Roaming\XnView

2008-02-07 18:28 --------- d-----w C:\Program Files\XnView

2008-02-03 21:06 --------- d-----w C:\Program Files\Planestate

2008-02-01 19:07 --------- d-----w C:\Users\neojunior\AppData\Roaming\vlc

2008-02-01 18:44 --------- d-----w C:\Program Files\HomePlayer1.5.3.1

2008-02-01 18:39 --------- d-----w C:\Program Files\Freeplayer

2008-01-26 12:08 69,689 ----a-w C:\Windows\UNZIP.DLL

2008-01-26 12:08 507,904 ----a-w C:\Windows\TMUPDATE.DLL

2008-01-26 12:08 286,720 ----a-w C:\Windows\PATCH.EXE

2008-01-20 12:43 --------- d-----w C:\Program Files\Alwil Software

2008-01-19 10:56 --------- d-----w C:\Users\neojunior\AppData\Roaming\LimeWire

2008-01-17 15:49 --------- d-----w C:\PROGRA~2\IM

2008-01-17 15:48 --------- d-----w C:\PROGRA~2\IncrediMail

2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-01-13 13:59 --------- d-----w C:\Program Files\Common Files\MAGIX Shared

2008-01-13 13:58 --------- d-----w C:\Program Files\MAGIX

2008-01-13 13:58 --------- d-----w C:\PROGRA~2\MAGIX

2008-01-12 23:23 --------- d-----w C:\Users\neojunior\AppData\Roaming\Media Player Classic

2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-01-09 14:01 53,248 ----a-w C:\Windows\bdoscandel.exe

2008-01-09 05:28 --------- d-----w C:\Program Files\Windows Mail

2008-01-09 05:24 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-01-09 05:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-01-09 05:23 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-09 05:23 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-06 10:14 --------- d-----w C:\Program Files\DivX

2008-01-06 09:54 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-01-04 19:25 --------- d-----w C:\Program Files\Azureus

2008-01-03 20:02 --------- d-----w C:\Program Files\Foxit Software

2008-01-03 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-03 16:48 --------- d-----w C:\Program Files\eBay

2008-01-03 16:48 --------- d-----w C:\PROGRA~2\eBay

2008-01-02 22:29 --------- d-----w C:\Program Files\Picasa2

2008-01-02 22:29 --------- d-----w C:\Program Files\Microsoft Works

2008-01-02 22:29 --------- d-----w C:\Program Files\Microsoft Picture It! 9

2008-01-02 22:29 --------- d-----w C:\PROGRA~2\Ulead Systems

2008-01-02 15:46 --------- d-----w C:\Users\neojunior\AppData\Roaming\Symantec

2007-12-29 14:09 --------- d-----w C:\PROGRA~2\Azureus

2007-12-12 16:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-12 16:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-12 16:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll

2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"????r"="" []

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 15:24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-15 12:32 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]

"eRecoveryService"="" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28 81920]

"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-15 15:27 185632]

"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-15 15:24:16 126136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CBA664D7-7845-4748-A78F-A801EA076BBF}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

"{88ECF735-BA95-4C4C-B1DD-F8A0505D0210}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

"{BDE6C266-D4E0-412E-8BDC-137FDAFD962D}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess

"{95A589C8-AC04-4F93-BBA6-CFE965C0573A}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess

"{9357837E-EEB8-4804-AEE7-FBB2A61280F4}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess

"{6539D799-7174-4EA6-AFEC-7E368AF33207}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess

"{3644AAC3-5A91-49CD-AFF0-3574437F4077}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess

"{BDD9BF01-7BE7-4893-B26C-DBF76962231A}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess

"{D107C740-DFB4-4E00-9C4E-0465AC8388A5}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA

"{E2EC3638-EB6F-463F-AD0E-8C6100D6E4DD}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA

"{582B234A-2EDA-4496-ACF3-432D2680BA55}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{1E8DF448-EECC-4757-A187-477D0F6DE5E3}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{A6AF243E-3A6B-476B-B97E-9AF101C48F03}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|

"{688C1D77-79C3-4CCB-A2B3-A4DAC6791371}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

"{3ABDB307-A8DB-4B39-BEA8-28F597BF19D9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{BF57F5F5-4216-4471-83B5-319650D4EC95}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{2B8925AA-D197-49A0-A5A0-66473832B174}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{12D966A4-5EA8-4E2B-BDAD-599F380EBDB2}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{47D9AE8D-E94B-4205-B349-72D36033631A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{456FA2CD-7B28-44FB-B342-668BC32B915F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"TCP Query User{5B2644DC-0EB4-4001-95FD-EA332A9FAC4D}C:\program files\adsltv\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"UDP Query User{E5145B18-140E-4C7B-8902-FAE3507AAC88}C:\program files\adsltv\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"TCP Query User{A761E0BD-53AC-48DC-9FB2-6124ADC088E6}C:\program files\adsltv\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"UDP Query User{69F4105D-B29D-468F-BF35-4E813984EAFA}C:\program files\adsltv\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"TCP Query User{4E014A16-CF61-4839-8A80-61D6FEB4F738}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"UDP Query User{FAE9906E-C9EC-471E-8588-DC6F02D6BAE7}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"TCP Query User{17D2B551-462C-427F-ABF1-F4D4840C1096}C:\program files\homeplayer1.5.1.2\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer|Desc=HomePlayer

"UDP Query User{CBED141E-B8AF-40F0-AF06-2A094E08CFAB}C:\program files\homeplayer1.5.1.2\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer|Desc=HomePlayer

"TCP Query User{D4773AAF-C287-489A-9E1D-2DBE748A83A1}C:\program files\freeplayer\vlc\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player

"UDP Query User{734EEDCA-77C9-4529-A14F-B4252901E386}C:\program files\freeplayer\vlc\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player

"TCP Query User{91D6016E-B905-409D-A49E-BE688931C1FE}C:\program files\adsltv\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"UDP Query User{0602E324-C378-44F0-8459-97D2B75B9961}C:\program files\adsltv\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv

"TCP Query User{9DE06431-B0F9-4185-93F6-68E930F68578}C:\program files\adsltv\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"UDP Query User{68B44CD2-2E9F-4E02-A917-132CEF23ED7D}C:\program files\adsltv\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player|Desc=VLC media player

"TCP Query User{75D46E29-2BB6-4CC0-83BE-7C0808338EFD}C:\program files\homeplayer1.5.3.1\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.3.1\homeplayer.exe:HomePlayer|Desc=HomePlayer

"UDP Query User{12778A4F-6E32-49F1-8CB0-5581ABF5AD0B}C:\program files\homeplayer1.5.3.1\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.3.1\homeplayer.exe:HomePlayer|Desc=HomePlayer

"TCP Query User{04674E89-3B87-4197-B2CD-76654BE18266}C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe"= UDP:C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe|Desc=octoshapeclient.exe

"UDP Query User{1F28E1CC-9C76-4FE3-822A-BC17A3825189}C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe"= TCP:C:\users\neojunior\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe|Desc=octoshapeclient.exe

"TCP Query User{9BB719DD-A684-4E9F-831B-7F4F4FE50566}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"UDP Query User{99926E98-E439-462B-844B-4FBAA0AD0646}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus

"{B93315E9-0135-4F63-96FC-27F5BD8D027B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{D9BA60C0-E478-49EA-8941-B317F822AFF1}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{E045584D-3471-4D8C-96A4-5CD4181057A2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{CE5C7F1E-2733-4CE0-94B0-71C19833BBB8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{E863A0F5-2890-416D-9CDD-078D49EF5BC7}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{93D879C0-1F14-4212-B3B1-C29CF9EF1648}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080221.003\IDSvix86.sys [2008-02-14 02:51]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 06:46]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\start.exe /checksection

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\shell\AutoRun\command - K:\start.exe /checksection

 

*Newly Created Service* - COMHOST

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-02-24 20:21:15 C:\Windows\Tasks\At1.job"

- C:\Windows\system32\kmd.exe%/d /c start C:\ComboFix\sYs.bat /\c@

"2008-02-25 19:20:36 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - neojunior.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

"2008-02-25 19:00:00 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - neojunior.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-26 19:58:57

Windows 6.0.6000 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-02-26 19:59:36

ComboFix-quarantined-files.txt 2008-02-26 18:59:32

ComboFix2.txt 2008-02-23 17:06:55

ComboFix3.txt 2008-02-23 13:02:27

.

2008-02-22 05:15:35 --- E O F ---

------------------------------------------------

Edited by catetmic
Posted

hi :P

The problem is now the following > the Vista firewall is disabled! You need to:

- either turn it back on.
- or install another one.

Open the Control Panel.
- Click Classic View.
- Double-click Windows Firewall.
- Click "Change settings".
- Go to the Advanced tab.
- Click the Default button.

You should have access to the firewall as shown here > http://www.pcastuces.com/pratique/windows/...uvrir/page7.htm

Norton is still present on your PC: to clean it up, download Norton_Removal_Tool to your desktop.

Double-click the Norton Removal Tool icon to launch the utility. Follow the on-screen instructions: you may have to restart several times.

Post me one last HijackThis report, like this >

Launch HijackThis.
Click Open Misc Tools Section
Make sure the two boxes on the right are checked:
* List all minor sections(Full)
* List Empty Sections(Complete)
Click Generate StartupList Log
Click "yes" when prompted.
This will generate a report; copy it and post it here.

@+
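As an added example (not part of this thread and not code from ComboFix or HijackThis): a small Python parser that reads the two findings the helper draws from the report above, the FirewallPolicy profiles whose "EnableFirewall" value is 0 and the MountPoints2 AutoRun commands. The excerpt it runs on is constructed from the posted report; the DomainProfile block is invented for contrast and is not in the original.

```python
import re

# Constructed excerpt modelled on the ComboFix report in this thread; the
# DomainProfile block is invented for contrast and is not in the posted report.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\start.exe /checksection
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")

def sections(log):
    """Group the report into (registry key, non-empty body lines) per [ ... ] header."""
    out, key = [], None
    for line in (l.strip() for l in log.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            out.append((key, []))
        elif line and key is not None:
            out[-1][1].append(line)
    return out

def firewall_profiles(log):
    """Map each FirewallPolicy profile to True (enabled) or False ("EnableFirewall"= 0)."""
    status = {}
    for key, body in sections(log):
        if "firewallpolicy" in key.lower():
            for m in filter(None, map(ENABLE_RE.match, body)):
                status[key.rsplit("\\", 1)[-1]] = m.group("val") != "0"
    return status

def autorun_entries(log):
    """List (drive key, command) pairs for MountPoints2 AutoRun handlers."""
    return [(key.rsplit("\\", 1)[-1], m.group("cmd"))
            for key, body in sections(log) if "mountpoints2" in key.lower()
            for m in filter(None, map(AUTORUN_RE.match, body))]
```

Any profile reported as False is one the helper's Control Panel steps above are meant to switch back on; the AutoRun list shows which removable-drive handlers the report recorded.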
