Infection beep.sys [Résolu]

[Cube]

ComboFix 09-08-24.06 - Cub 25/08/2009 21:10.9.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.254 [GMT 2:00]

Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe

Command switches used :: c:\documents and settings\Cub\Bureau\CFscriptCube2.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

"c:\documents and settings\All Users\Application Data\umeg.vbs"

"c:\documents and settings\LocalService\Application Data\anage.exe"

"c:\documents and settings\LocalService\Application Data\icufegyg.pif"

"c:\documents and settings\LocalService\Application Data\qozitizari.dat"

"c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs"

"c:\program files\Fichiers communs\nenad.inf"

"c:\program files\lmggrq.txt"

"c:\program files\vbtoyak.txt"

"c:\windows\awis.vbs"

"c:\windows\luhihyp.com"

"c:\windows\puwexahi.bat"

"c:\windows\system32\omebolyvyq.sys"

"c:\windows\system32\wisdstr.VIR"

"c:\windows\system32\yreceloru.dat"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\banepi.dl

c:\documents and settings\All Users\Application Data\umeg.vbs

c:\documents and settings\All Users\Application Data\vetarik._dl

c:\documents and settings\All Users\Application Data\vudu.ban

c:\documents and settings\All Users\Documents\byjeguho.pif

c:\documents and settings\All Users\Documents\kelexe.vbs

c:\documents and settings\All Users\Documents\ufizoqu.dl

c:\documents and settings\All Users\Documents\zinuto.sys

c:\documents and settings\Cub\Mes documents\cc_20071224_1859.reg

c:\documents and settings\LocalService\Application Data\anage.exe

c:\documents and settings\LocalService\Application Data\icufegyg.pif

c:\documents and settings\LocalService\Application Data\iricogizu._sy

c:\documents and settings\LocalService\Application Data\nuxycobab.inf

c:\documents and settings\LocalService\Application Data\qozitizari.dat

c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs

C:\PC_Antispyware2010

c:\pc_antispyware2010\PC_Antispyware2010.lnk

c:\pc_antispyware2010\Uninstall.lnk

c:\program files\Fichiers communs\nenad.inf

c:\program files\lmggrq.txt

c:\windows\awis.vbs

c:\windows\biwa.ban

c:\windows\luhihyp.com

c:\windows\puwexahi.bat

c:\windows\system32\omebolyvyq.sys

c:\windows\system32\wisdstr.VIR

c:\windows\system32\yreceloru.dat

c:\windows\tugibofyti.dl

c:\windows\zikec.inf

 

.

((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))

.

 

2009-08-25 19:00 . 2001-08-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-25 19:00 . 2001-08-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-25 11:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-25 11:12 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-25 11:12 . 2009-08-25 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-24 15:41 . 2009-08-25 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-08-24 15:41 . 2009-08-24 15:41 -------- d-----w- c:\documents and settings\Cub\Application Data\OnlineArmor

2009-08-24 15:39 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-08-24 15:39 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-08-24 15:39 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-08-24 15:39 . 2009-08-24 15:39 -------- d-----w- c:\program files\Tall Emu

2009-08-23 16:01 . 2009-07-13 18:52 380928 ----a-w- c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies

2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 12:14 . 2009-08-21 13:40 -------- d-----w- c:\windows\temp01

2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft

2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys

2009-08-13 18:36 . 2004-08-05 12:00 2944 ------w- c:\windows\system32\drivers\null.sys

2009-08-13 17:24 . 2009-08-25 11:13 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes

2009-08-13 17:23 . 2009-08-25 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll

2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys

2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll

2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe

2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe

2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll

2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe

2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll

2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll

2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll

2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll

2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe

2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll

2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL

2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll

2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll

2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll

2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll

2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll

2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6

2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com

2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-24 15:28 . 2005-03-07 09:05 88774 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-24 15:28 . 2005-03-07 09:05 515922 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO

2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo!

2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD

2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus

2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus

2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter

2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule

2009-07-03 16:57 . 2005-03-07 09:05 915456 ------w- c:\windows\system32\wininet.dll

2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe

2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65

2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe

2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]

"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]

Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]

backup=c:\windows\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"WinampAgent"="c:\program files\Winamp\winampa.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [24/08/2009 17:39 200784]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [24/08/2009 17:39 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [24/08/2009 17:39 29776]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [24/08/2009 17:39 362184]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784]

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [24/08/2009 17:39 3142344]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-25 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-25 21:29

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(560)

c:\windows\system32\VESWinlogon.dll

 

- - - - - - - > 'explorer.exe'(3572)

c:\program files\Tall Emu\Online Armor\OAwatch.dll

c:\program files\MessengerPlus! 3\MsgPlusLoader.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Sony\VAIO Cooperated Initialisation\VCI_TASK.exe

c:\program files\Glary Utilities\Integrator.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

c:\program files\Tall Emu\Online Armor\oahlp.exe

.

**************************************************************************

.

Completion time: 2009-08-25 21:36 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-25 19:36

ComboFix2.txt 2009-08-25 18:06

ComboFix3.txt 2009-08-23 15:59

ComboFix4.txt 2009-08-20 21:37

ComboFix5.txt 2009-08-25 19:06

 

Pre-Run: 11 573 137 408 octets libres

Post-Run: 11 532 697 600 octets libres

 

333 --- E O F --- 2009-08-18 12:20

[Falkra]

Ha, hô, un beau rapport ça !

 

Je commande un dernier scan MBAM (mis à jour) par prudence, suivi d'un rapport HijackThis, mais à mon avis, ton PC doit mieux respirer, tu confirmes ?

[Cube]

Tout a fait merci beaucoup.

Je te poste les rapports MBAM et Highjackthis.

[Cube]

Le rapport MBAM

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2551

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

26/08/2009 00:07:42

mbam-log-2009-08-26 (00-07-42).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 183271

Temps écoulé: 2 hour(s), 10 minute(s), 5 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

Et le rapport Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:35:47, on 26/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_Task.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Glary Utilities\Integrator.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Cub\Bureau\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')

O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://el-cub.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126363648660

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

--

End of file - 11148 bytes

[Falkra]

Impeccable.

 

Désinstalle combofix : entre combofix /u dans la boite exécuter du menu démarrer.

=> combofix espace slasht u

Après cela, efface ce dossier s'il existe encore :

C:\QooBox

 

Tu peux garder MBAM, il t'a été utile, et c'est un outil tout public, contrairement à certains utilisés pour nettoyer les machines.

Le module résident (qui tourne à l'arrière plan) est payant, mais le programme fonctionne en mode gratuit, ce module ne s'active simplement pas. Du coup dans sa version gratuite il cohabite avec tout, en tant que scanneur à la demande.

Spybot et Ad-aware sont de conception obsolète, le modèle de MBAM est bien plus pertinent face aux infections actuelles, et donne d'excellents résultats.

 

Garde évidemment online armor.

 

Il faut bien garder ton système et les logiciels à jour pour éviter les vulnérabilités.

PSI de Secunia peut t'y aider. https://psi.secunia.com/

JavaRa peut t'y aider pour Java : http://raproducts.org/

Et voici un tuto JavaRa

Et bien sûr, Windows Updates.

 

Rends toi sur cette page de configuration du plugin Flash.

Coche la case "M'avertir de la disponibilité d'une mise à jour de Adobe Flash Player", et règle l'intervalle de recherche sur le minimum, ici 7 jours.

Ferme le navigateur et retourne sur la page pour confirmer la prise en compte du réglage.

 

Il faut passer au SP3 de windows XP. (lien)

Puis passer par windows updates régulièrement.

 

Voici un peu de lecture, une compilation de conseils pour éviter une réinfection et sécuriser la machine.

 

Un petit point sur les risques du P2P en matière de sécurité logicielle (par Ogu) :

(clique sur l'image).

 

N'hésite pas à poser des questions, cette partie est aussi importante que la désinfection.

 

Tu peux marquer résolu dans le titre, (en éditant le premier post, le titre devient modifiable).

[Cube]

OK merci beaucoup de m'avoir accordé du temps et pour ton aide, j'y serai pas arrivé sans toi.

 

a bientot