Infection beep.sys [Résolu]

[Cube]

Bonjour à tous,

 

Je suis nouveau sur le forum.

 

Voici la raison de mon inscription:

 

Mon PC portable est infecté depuis quelques jours par plusieurs virus dont braviax.

 

J'ai tenté d'y remédier par des scans avec Malwarebyte (qui supprime bien les fichiers infectés, mais lors du redémarrage proposé, impossible de revenir sous Windows, l'ordinateur redémarre,), Trojan Remover, et de supprimer manuellement les fichiers en cause.

 

Tant que je ne suis pas connecté à Internet, les virus semblent avoir disparus, mais dès que je me reconnecte, Avast me signale que l'ordinateur est toujours infecté.

 

Y aurait il quelqu'un qui serait en mesure de m'aider?

 

Merci d'avance

 

PS: en recherchant su le net, j'ai vu qu'un rapport HijackThis pouvait être utile, je l'inclus donc dans le message suivant.

 

Le rapport Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:23:26, on 19/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Glary Utilities\Integrator.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\rts.exe

C:\windows\ld12.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\Cub\Bureau\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')

O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')

O4 - Startup: ikowin32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://el-cub.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126363648660

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

--

End of file - 11907 bytes

Modifié le 26 août 2009 par Cube

[Falkra]

Bonjour, bienvenue.

 

poste le rapport HijackThis stp.

 

 

 

OK, tu as posté pendant que j'écrivais.

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
  
• On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  
• Le bureau disparaît, c'est normal, et il va revenir.
  
• Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

[Cube]

Merci de ta réponse, mais Combofix ne fonctionne pas: une fois que je l'ai lancé, il se bloque toujours au même moment: il va jusqu'à:

 

Deleting Files:

C:\WINDOWS\system32\braviax.exe

C:\WINDOWS\system32\DelSelf.bat

C:\WINDOWS\system32\wisdstr.exe

 

Et là il bloque.

 

J'ai testé en mode normal et en mode sans échec.

 

Que puis je faire pour que Combofix aille jusqu'au bout?

[Falkra]

Renomme combofix.exe en svchost.exe et essaie de relancer, après un scan Malwarebytes (sans redémarrer la machine si proposé pr malwarebytes).

Tout ça en mode normal, l'antivirus étant préalablement désactivé.

[Cube]

Ok merci je vais essayer ca et je posterai le rapport combofix

[Falkra]

N'oublie pas de lui laisser le temps, parfois certains cycles sont longs, ce qui fait partie du processus.

[Cube]

Bonjour, après plusieurs essais infructueux, voici le rapport Combofix

 

ComboFix 09-08-19.04 - Cub 20/08/2009 11:44.5.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.100 [GMT 2:00]

Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1335 [VPS 090819-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\bufujyhy.pif

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\inyvucy.bat

c:\program files\PC_Antispyware2010

c:\program files\PC_Antispyware2010\AVEngn.dll

c:\program files\PC_Antispyware2010\data\daily.cvd

c:\program files\PC_Antispyware2010\htmlayout.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg

c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

c:\program files\PC_Antispyware2010\pthreadVC2.dll

c:\program files\PC_Antispyware2010\Uninstall.exe

c:\program files\PC_Antispyware2010\wscui.cpl

c:\windows\system32\_scui.cpl

c:\windows\system32\braviax.exe

c:\windows\system32\wisdstr.exe

 

.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

 

2009-08-20 09:40 . 2009-08-20 09:40 18446 ----a-w- c:\windows\fyju.dat

2009-08-20 09:40 . 2009-08-20 09:40 17600 ----a-w- c:\windows\system32\qofy.dat

2009-08-20 09:40 . 2009-08-20 09:40 17473 ----a-w- c:\program files\Fichiers communs\qabemalo.exe

2009-08-20 09:40 . 2009-08-20 09:40 14927 ----a-w- c:\program files\Fichiers communs\tulymi.vbs

2009-08-20 09:40 . 2009-08-20 09:40 13748 ----a-w- c:\windows\syxu.scr

2009-08-20 09:40 . 2009-08-20 09:40 12173 ----a-w- c:\windows\sazocewyw.bin

2009-08-20 09:40 . 2009-08-20 09:40 11302 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ketufat.sys

2009-08-20 09:40 . 2009-08-20 09:40 11180 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\idegasuba.pif

2009-08-20 09:39 . 2009-08-20 09:39 -------- d-----w- C:\PC_Antispyware2010

2009-08-19 14:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-19 14:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-19 14:24 . 2009-08-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies

2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 12:14 . 2009-08-20 09:58 -------- d-----w- c:\windows\temp01

2009-08-14 15:05 . 2009-08-14 15:05 3584 ----a-w- c:\windows\system32\drivers\xagnnt07j31.sys

2009-08-14 15:05 . 2009-08-14 14:57 50688 ----a-w- c:\windows\rts.exe

2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft

2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys

2009-08-13 18:36 . 2004-08-05 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys

2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes

2009-08-13 17:23 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll

2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys

2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll

2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe

2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe

2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll

2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe

2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll

2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll

2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll

2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll

2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe

2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll

2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL

2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll

2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll

2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll

2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll

2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll

2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6

2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com

2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2009-08-02 13:21 . 2009-08-18 12:28 -------- d-----w- c:\program files\Championship Manager 01-02

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 09:40 . 2009-08-20 09:40 18750 ----a-w- c:\documents and settings\LocalService\Application Data\hexifa.vbs

2009-08-20 09:40 . 2009-08-20 09:40 18006 ----a-w- c:\program files\Fichiers communs\vupexaf.dl

2009-08-20 09:40 . 2009-08-20 09:40 12650 ----a-w- c:\documents and settings\All Users\Application Data\hyzaxi.dat

2009-08-20 09:40 . 2009-08-20 09:40 11848 ----a-w- c:\program files\Fichiers communs\vexido.dl

2009-08-20 09:40 . 2009-08-20 09:40 10587 ----a-w- c:\documents and settings\All Users\Application Data\okumeco.dat

2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO

2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo!

2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD

2009-08-17 19:03 . 2008-04-13 19:15 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt

2009-08-17 16:05 . 2005-03-07 09:05 91524 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-17 16:05 . 2005-03-07 09:05 522440 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-16 21:05 . 2005-09-10 13:43 75768 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-15 12:37 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus

2009-08-10 22:01 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus

2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter

2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule

2009-07-03 16:57 . 2005-03-07 09:05 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe

2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65

2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe

2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269]

"rts"="c:\windows\rts.exe" [2009-08-14 50688]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]

"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]

Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]

backup=c:\windows\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"WinampAgent"="c:\program files\Winamp\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2008 12:42 114768]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2008 12:42 20560]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784]

R2 xagnnt07j31;xagnnt07j31;c:\windows\system32\drivers\xagnnt07j31.sys [14/08/2009 17:05 3584]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-20 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 11:58

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(916)

c:\windows\system32\VESWinlogon.dll

.

Completion time: 2009-08-20 12:03

ComboFix-quarantined-files.txt 2009-08-20 10:03

 

Pre-Run: 10 815 430 656 octets libres

Post-Run: 10 817 142 784 octets libres

 

288 --- E O F --- 2009-08-18 12:20

[Falkra]

Ca va mieux, mais il reste de la bestiole.

 

Ce qui suit n'est que pour cette machine, et cette machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

 

 

• Télécharge le fichier CFscript.txt depuis ce site :
  http://senduit.com/3deec5
   
  
• Place-le sur le bureau, près de l'icône de combofix.
  
• Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur cet exemple
  

• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

 

-------

 

Après le redémarrage de combofix (et avoir posté le rapport), mets à jour MBAM et fais un scan stp (poste le rapport de MBAM).

[Cube]

bonsoir,

 

le lien que tu m'as fourni a expiré.

 

Pourrais tu me le renvoyer?

[Falkra]

Voici un nouveau lien :

http://senduit.com/8c9bb6