Trojan.Retapu.D

Résolu
matelot069 Messages postés 9 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Je viens d'etre infecté.
Avez-vous la solution ?
Merci.
Configuration: Windows XP
Firefox 2.0.0.11

18 réponses

  1. reyvax50 Messages postés 360 Statut Membre 23
     
    Bonsoir,

    C'est un virus du a msn?

    Si c'est le cas => MsnFIX (www.malekal.com/tutorial_MSNFix.php)

    ++
    0
  2. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Bonsoir,

    Colle un Log hijackthis

    télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html
    Dézippe le dans un dossier
    Par exemple C:\hijackthis < Enregistre le bien dans c:\

    Lance le puis:
    clique sur "do a system scan and save logfile"
    faire un copier coller du log sur le forum

    Ensuite :

    Télécharge MSNFix:

    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

    _____________________________________________________
    0
  3. matelot069 Messages postés 9 Statut Membre
     
    Resalut,
    Oui c'est bien sur msn que j'ai chopé ce ver.
    Voici le resumé de Hijack this.
    Logfile of HijackThis v1.99.1
    Scan saved at 09:02:47, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\Restore\SVCHOST.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3617D16C-19F3-6270-ABBC-63A3958AA8CC} - C:\WINDOWS\system32\atfbfi.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\system32\Restore\SVCHOST.EXE
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    O4 - HKCU\..\Run: [Aase] "C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Ozerbl] "C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O4 - Global Startup: WiFi Station.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0CE92F0-E422-4CFB-885D-BD261EE4BB3A}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. matelot069 Messages postés 9 Statut Membre
     
    Re,
    J'ai aussi une petite fenetre qui s'affiche et que je n'arrive pas à fermer. " Windows- pas de disque"
    Impossible de l'enlever.
    0
  6. matelot069 Messages postés 9 Statut Membre
     
    Re,
    Pour MSN fix.bat, je le lance, je selectionne R, le scan se lance et la fenetre disparait, puis plus rien !!!!!!!
    C'est une mauvaise manip ou c'est normal ?
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    fais ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    et post un nouveau hijack this stp

    @+
    0
  8. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Aprés le comboFix, pour faire ton log hijackthis,

    telecharge bien la dernière version (2.0.2) :

    http://telechargement.zebulon.fr/138-hijackthis-1991.html
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    merci Saiyen75,
    0
  10. Saiyen75 Messages postés 2699 Statut Membre 184
     
    pas de problème :)
    0
  11. matelot069 Messages postés 9 Statut Membre
     
    re,
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:01, on 2008-01-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\Restore\SVCHOST.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe
    C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\MATELO~1\LOCALS~1\Temp\Rar$EX04.984\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3617D16C-19F3-6270-ABBC-63A3958AA8CC} - C:\WINDOWS\system32\atfbfi.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [Aase] "C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Ozerbl] "C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0CE92F0-E422-4CFB-885D-BD261EE4BB3A}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  12. matelot069 Messages postés 9 Statut Membre
     
    re,
    ComboFix 08-01-20.1 - matelot69 2008-01-20 3:30:17.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.520 [GMT 1:00]
    Running from: C:\Documents and Settings\matelot69\Bureau\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .
    [color=purple]The following files were disabled during the run:[/color]
    C:\WINDOWS\system32\sockspy.dll

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\Documents and Settings\matelot69\Application Data\WinTouch
    C:\Documents and Settings\matelot69\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe.vzr
    C:\Documents and Settings\matelot69\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\matelot69\Menu D‚marrer\Programmes\Outerinfo
    C:\Documents and Settings\matelot69\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\matelot69\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\matelot69\Mes documents\CROSOF~1.NET
    C:\Documents and Settings\matelot69\Mes documents\CROSOF~1.NET\??erinit.exe.vzr
    C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\Router
    C:\Program Files\Router\UnInstall.exe
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\crosof~1.net
    C:\WINDOWS\system32\crosof~1.net\??crosoft.NET\
    C:\WINDOWS\system32\crosof~1.net\regsvr32.exe.vzr
    C:\WINDOWS\system32\csrs.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-20 03:12 . 2008-01-20 03:12 <REP> d-------- C:\Documents and Settings\Margaux\Application Data\MailFrontier
    2008-01-20 03:08 . 2008-01-20 03:08 <REP> d-------- C:\WINDOWS\srchasst
    2008-01-20 03:08 . 2008-01-20 03:08 <REP> d-------- C:\WINDOWS\msagent
    2008-01-20 02:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-20 02:39 . 2008-01-20 02:39 <REP> d-------- C:\Program Files\SonicWallES
    2008-01-20 02:27 . 2008-01-20 02:39 <REP> d-------- C:\Documents and Settings\matelot69\Application Data\MailFrontier
    2008-01-19 15:19 . 2008-01-20 02:45 3,622 --a------ C:\rollback.ini
    2008-01-19 14:59 . <REP> C:\Documents and Settings\Bérénice\Application Data\MailFrontier
    2008-01-19 14:57 . <REP> C:\Documents and Settings\Bérénice\Application Data\Sunbelt Software
    2008-01-19 09:43 . 2008-01-20 03:20 707,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-19 09:43 . 2008-01-20 03:20 7,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-19 09:21 . 2008-01-20 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-01-19 09:19 . 2008-01-20 03:33 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-01-19 09:04 . 2008-01-19 09:04 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
    2008-01-19 03:16 . 2008-01-19 03:16 <REP> d-------- C:\Documents and Settings\matelot69\Application Data\Grisoft
    2008-01-19 03:16 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-19 02:56 . 2008-01-19 02:56 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-18 20:35 . 2008-01-18 20:35 <REP> d-------- C:\Documents and Settings\Margaux\Application Data\Sunbelt Software
    2008-01-18 07:47 . 2008-01-19 09:02 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2008-01-18 07:22 . 2008-01-20 03:26 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-18 07:22 . 2008-01-18 07:22 <REP> d-------- C:\Program Files\CCleaner
    2008-01-18 06:50 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-01-18 06:50 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-01-18 06:50 . 2008-01-18 06:50 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-01-18 06:50 . 2008-01-18 06:50 3,120 --a------ C:\WINDOWS\118294.78
    2008-01-18 06:50 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-01-18 06:43 . 2008-01-18 06:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2008-01-18 06:43 . 2008-01-18 06:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2008-01-18 06:32 . 2008-01-18 06:32 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
    2008-01-18 06:31 . 2008-01-18 06:31 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-01-18 06:31 . 2008-01-18 06:31 <REP> d-------- C:\Documents and Settings\matelot69\Application Data\Sunbelt Software
    2008-01-18 06:31 . 2008-01-18 06:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    2008-01-17 23:39 . 9,296 C:\Documents and Settings\Bérénice\vcxzsn.exe
    2008-01-17 23:35 . 9,296 C:\Documents and Settings\Bérénice\uxaija.exe
    2008-01-17 20:52 . 2008-01-17 21:10 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-17 20:49 . 2008-01-18 07:30 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-17 20:29 . 2008-01-17 20:29 2,563 --a------ C:\WINDOWS\image.jpg
    2008-01-14 22:32 . 2008-01-14 22:37 <REP> d-------- C:\Program Files\GoPets Ltd
    2007-12-27 20:12 . 2006-06-22 23:29 513,584 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-27 20:12 . 2003-02-21 13:42 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
    2007-12-27 20:12 . 2006-06-22 23:29 293,808 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
    2007-12-27 20:12 . 2006-06-22 23:29 263,728 -ra------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-27 20:12 . 2006-06-22 23:29 210,480 -ra------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-27 20:12 . 2006-06-22 23:29 116,272 -ra------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-27 20:12 . 2006-06-22 23:29 38,960 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-27 20:12 . 2006-06-22 21:51 22,334 -ra------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-27 20:12 . 2006-06-22 21:51 4,770 -ra------ C:\WINDOWS\system32\Repository.reg
    2007-12-27 20:09 . 2007-12-27 20:09 <REP> d-------- C:\Program Files\Logitech
    2007-12-27 20:09 . 2007-12-27 20:10 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-27 20:09 . 2007-12-27 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2007-12-21 22:15 . 2007-12-21 22:32 33 --a------ C:\WINDOWS\Multimedia manager.INI
    2007-12-21 22:06 . <REP> C:\Documents and Settings\Bérénice\Application Data\Samsung

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-20 02:37 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-01-20 02:20 130,048 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-01-20 01:32 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-01-19 08:02 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-01-19 01:46 10 ----a-w C:\Program Files\.autoreg
    2008-01-18 05:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-18 04:54 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-18 04:54 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-18 04:54 --------- d-----w C:\Documents and Settings\Bérénice\Application Data\Winamp
    2008-01-18 04:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-18 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-13 15:24 --------- d-----w C:\Program Files\Winamp
    2008-01-13 09:52 --------- d-----w C:\Program Files\eMule
    2008-01-09 20:45 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-17 21:44 --------- d-----w C:\Documents and Settings\Bérénice\Application Data\Adobe
    2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-12-12 19:28 --------- d-----w C:\Documents and Settings\Bérénice\Application Data\Apple Computer
    2007-12-09 22:03 --------- d-----w C:\Program Files\IDENCIG
    2007-12-09 21:31 --------- d-----w C:\Documents and Settings\matelot69\Application Data\Template
    2007-12-09 21:21 --------- d-----w C:\Program Files\hp deskjet 920c series
    2007-12-09 21:19 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-08 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-08 21:04 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2007-12-08 20:53 --------- d-----w C:\Program Files\MSBuild
    2007-12-07 20:14 --------- d-----w C:\Documents and Settings\Margaux\Application Data\Samsung
    2007-12-07 20:09 --------- d-----w C:\Program Files\Samsung
    2007-12-05 11:38 --------- d-----w C:\Program Files\Fichiers communs\Vbox
    2007-12-05 11:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-04 14:14 --------- d-----w C:\Documents and Settings\matelot69\Application Data\Apple Computer
    2007-11-26 21:30 --------- d-----w C:\Program Files\Picasa2
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3617D16C-19F3-6270-ABBC-63A3958AA8CC}]
    C:\WINDOWS\system32\atfbfi.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 20:37 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "Router"="C:\Program Files\Router\Router.exe" [ ]
    "Aase"="C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe" [ ]
    "Ozerbl"="C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe" [ ]
    "WinTouch"="C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe" [ ]
    "SfKg6w"="C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 11:59 24576]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 02:01 28739]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 21:31 196608]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46 497200]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 10:34 614960]
    "Flash Player2"="C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe" [ ]
    "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "NoStartMenuMorePrograms"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "NoInstrumentation"= 0 (0x0)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-18 06:32]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
    S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]
    S3 PID_400C;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\Pd100Vid.sys [2001-09-27 06:00]
    S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-31 15:18:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 03:41:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 3:43:55
    ComboFix-quarantined-files.txt 2008-01-20 02:43:45
    0
  13. matelot069 Messages postés 9 Statut Membre
     
    encore re,
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:58:05, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe
    C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe
    C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\MATELO~1\LOCALS~1\Temp\Rar$EX00.188\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3617D16C-19F3-6270-ABBC-63A3958AA8CC} - C:\WINDOWS\system32\atfbfi.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [Aase] "C:\WINDOWS\system32\CROSOF~1.NET\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Ozerbl] "C:\Documents and Settings\matelot69\Mes documents\??crosoft.NET\??erinit.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0CE92F0-E422-4CFB-885D-BD261EE4BB3A}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut matelo69,

    tu surf avec internet explorer 6.0 = failles de securitées importantes

    alors fais les mises a jour windows : tu veux la version 7.0

    et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

    http://www.firefox.fr/

    a l´aide de hijack this coche et fix ceci :

    O2 - BHO: (no name) - {3617D16C-19F3-6270-ABBC-63A3958AA8CC} - C:\WINDOWS\system32\atfbfi.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
    O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    comment fixer :

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    EDIT :

    Téléchargez MSNFix.zip (de !aur3n7) sur votre bureau:
    http://sosvirus.changelog.fr/MSNFix.zip
    Décompressez-le (clic droit >> Extraire ici) et double cliquer sur le fichier MSNFix.bat.
    - Exécutez l'option R.
    -- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

    - Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

    puis

    Copie le texte ci-dessous :

    File::
    C:\Program Files\Router\Router.exe
    C:\Documents and Settings\matelot69\Application Data\WinTouch\WinTouch.exe
    C:\DOCUME~1\Margaux\LOCALS~1\Temp\services.exe
    C:\Documents and Settings\matelot69\Application Data\Microsoft\Windows\mvudee.exe
    C:\WINDOWS\Srchasst

    folder::
    C:\WINDOWS\Help\Tours

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3617D16C-19F3-6270-ABBC-63A3958AA8CC}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Router"=-
    "WinTouch"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @´+
    0
  15. matelot069 Messages postés 9 Statut Membre
     
    Salut g!rly,
    Merci pour tout tes renseignements et tes consignes. Mais j'ai l'impression de mettre débarrassé de mon virus.
    Mon ordi tourne comme avant et j'ai scaner via avg et bitdefender et ils ne trouvent plus de virus.
    Peux-tu me dire si c'est normal ou si cela cache quelques choses ?
    Encore un grand merci à toi.
    Amicalement.

    Matelot069.
    0
  16. matelot069 Messages postés 9 Statut Membre
     
    Oh, désolé, mais j'ai oublié de te remercier également Saiyen75.
    Alors voilà merci a vous 2 et bonne continuation.
    Amicalement.

    Matelot069.
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut Matelot069,

    tu as fais tout ce que je t´ai demandé au post 15?

    Pourrais-je voir les rapports stp.

    @+
    0