Scit.exe HELP me svp

Résolu
sephres -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je suis infecté par un trojan atroce, scit.exe

J'ai ad-aware, qui n'a rien vu, zonealarm, qui me le signale et avast qui trouve rien.
J'ai mis spybotSD qui me trouve plein de merde, sans pouvoir éliminer scit.exe
Je vous poste un rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:15, on 04/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\NetProject\scit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=108&lt=1&it=2008-02-23%2005%3A05%3A53&dt=2008-03-02%2011%3A19%3A45&q=http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203739584.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Guitard\AppData\Local\Temp\byvwu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Guitard\AppData\Local\Temp\ddawu.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [d8896d01] rundll32.exe "C:\Users\Guitard\AppData\Local\Temp\kavbihdu.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Guitard\AppData\Local\Temp\dpveevwm.dll",run
O4 - HKCU\..\Run: [BMdbba5e9d] Rundll32.exe "C:\Users\Guitard\AppData\Local\Temp\vuaaptgh.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7886 bytes
Configuration: Windows Vista
Firefox 2.0.0.12
TOSHIBA
double coeur 1.6 ghz
2 Go ram

6 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ refais comme en deux (toujours en mode sans echec) et selectionne l'option pour nettoyer et colle le rapport

    _______________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    --------------------

    recolle hijackthis et dis tes soucis
    0
    1. sephres
       
      salut cher ami.

      j'ai suivi les conseils d'un de tes confrères.

      J'ai fait un scan avec smit frau fix, puis j'ai redemarré en sans echec..
      j'ai lancé smit frau fix optin 2 et lorsque j'ai redemarré mon PC, y avait plus de lenteur.

      Par contre, mon PC me dit qu'il y a des processus qui ne peuvent pas se lancer (des .dll). Ils sont situés dans le repertoire "appdata\temp"
      Je n'ai pas le moyen de te donner plus de précisions.
      si tu sais comment regler ça malgré le flou....
      voici le rapport smit frau, puis celui hijack :

      Je te tiens au courant de l'évolution de ma situation.
      en tou cas merci, t'es très sympa, et très rapide

      SmitFraudFix v2.300

      Scan done at 17:42:35,01, 04/03/2008
      Run from C:\Users\Guitard\Desktop\SmitfraudFix
      OS: Microsoft Windows [version 6.0.6000] - Windows_NT
      The filesystem type is NTFS
      Fix run in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\ZoneLabs\vsmon.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Synaptics\SynTP\SynToshiba.exe
      C:\Program Files\TrojanHunter 5.0\THGuard.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      \\?\C:\Windows\system32\wbem\WMIADAP.EXE
      C:\Program Files\Windows Media Player\setup_wm.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\cmd.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\SearchFilterHost.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Guitard


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Guitard\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Guitard\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, following keys are not inevitably infected!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, following keys are not inevitably infected!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""
      "LoadAppInit_DLLs"=dword:00000000


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Connexion réseau Intel(R) PRO/100
      DNS Server Search Order: 212.27.53.252
      DNS Server Search Order: 212.27.54.252

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{27B081A7-1E8B-483E-AE9F-F33121B38A81}: DhcpNameServer=212.27.53.252 212.27.54.252
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB47B0A4-D5FC-4400-933C-45F397A1EEB9}: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{27B081A7-1E8B-483E-AE9F-F33121B38A81}: DhcpNameServer=212.27.53.252 212.27.54.252
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB47B0A4-D5FC-4400-933C-45F397A1EEB9}: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


      »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End



      HIJACK

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:36:15, on 04/03/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\NetProject\scm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
      C:\Program Files\Synaptics\SynTP\SynToshiba.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\TrojanHunter 5.0\THGuard.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\NetProject\scit.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=108<=1&it=2008-02-23%2005%3A05%3A53&dt=2008-03-02%2011%3A19%3A45&q=http://www.google.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203739584.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Guitard\AppData\Local\Temp\byvwu.dll,#1
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Guitard\AppData\Local\Temp\ddawu.dll,c
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [d8896d01] rundll32.exe "C:\Users\Guitard\AppData\Local\Temp\kavbihdu.dll",b
      O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Guitard\AppData\Local\Temp\dpveevwm.dll",run
      O4 - HKCU\..\Run: [BMdbba5e9d] Rundll32.exe "C:\Users\Guitard\AppData\Local\Temp\vuaaptgh.dll",s
      O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    __________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\NetProject
    C:\Users\Guitard\AppData\Local\Temp\byvwu.dll
    C:\Users\Guitard\AppData\Local\Temp\ddawu.dll
    C:\Users\Guitard\AppData\Local\Temp\kavbihdu.dll
    C:\Users\Guitard\AppData\Local\Temp\dpveevwm.dll
    C:\Users\Guitard\AppData\Local\Temp\vuaaptgh.dll
    C:\Program Files\NetProject\scit.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
  3. sephres
     
    Bien.

    Le pronlème m'a l'air reglé. Merci mille fois donc, pour ton efficacité et ta rapidité de réponse.
    Quelque chose m'inquiète. Tu as l'air d'avoir eu accès à mon PC (en effet, comment saurais tu le nom de mon répertoire "guitard").

    Bon, t'as pas l'air méchant. Et puis ya peut être une autre explication...
    Merci beaucoup, encore, et bravo. T'es un expert.

    Les messages .dll ne sont pas réapparus. en revanche, dans OTmoveit, il a rien trouvé.
    juges en par toi même :

    COMBOFIX :

    ComboFix 08-03-04.2 - Guitard 2008-03-04 18:41:49.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1199 [GMT 1:00]
    Endroit: C:\Users\Guitard\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-04 17:41 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
    2008-03-04 17:41 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
    2008-03-04 16:42 3,262 ----a-w C:\Windows\System32\tmp.reg
    2008-03-04 16:36 13,119 ----a-w C:\Users\Guitard\AppData\Roaming\nvModes.dat
    2008-03-04 16:36 --------- d-----w C:\Users\Guitard\AppData\Roaming\OpenOffice.org2
    2008-03-04 16:35 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-03-04 16:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-04 16:34 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-04 16:27 1,407,488 ----a-w C:\Windows\Internet Logs\xDB9414.tmp
    2008-03-04 15:35 --------- d-----w C:\Program Files\Trend Micro
    2008-03-02 10:23 95,465 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_03_01_09_38_22_small.dmp.zip
    2008-03-02 10:18 1,239,501 ----a-w C:\Windows\Internet Logs\tvDebug.zip
    2008-03-01 22:12 86,016 ----a-w C:\Windows\System32\VACFix.exe
    2008-02-29 22:48 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-02-25 09:04 --------- d-----w C:\Users\Guitard\AppData\Roaming\TrojanHunter
    2008-02-24 23:04 --------- d-----w C:\Program Files\TrojanHunter 5.0
    2008-02-18 10:44 105,592 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_01_31_18_43_31_small.dmp.zip
    2008-02-14 23:50 --------- d-----w C:\Users\Guitard\AppData\Roaming\Azureus
    2008-02-14 22:59 --------- d-----w C:\Users\Invité\AppData\Roaming\AdobeUM
    2008-02-14 22:52 --------- d-s---w C:\Users\Invité\AppData\Roaming\Microsoft
    2008-02-06 22:41 --------- d-----w C:\Users\Guitard\AppData\Roaming\dvdcss
    2008-01-24 14:24 --------- d-----w C:\Users\Guitard\AppData\Roaming\Talkback
    2008-01-21 10:54 --------- d-----w C:\Users\Guitard\AppData\Roaming\AdobeUM
    2008-01-14 05:23 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-01-14 05:19 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-01-14 05:18 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-01-14 03:16 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-01-14 03:15 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-01-12 04:27 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-01-12 01:45 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-01-09 23:09 --------- d-----w C:\Program Files\MagicISO
    2008-01-09 23:05 --------- d-----w C:\Users\Guitard\AppData\Roaming\DAEMON Tools
    2008-01-09 23:05 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-01-09 22:58 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-09 22:58 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 22:55 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-01-06 20:46 --------- d-----w C:\Users\Invité\AppData\Roaming\Adobe
    2008-01-06 18:01 --------- d-----w C:\ProgramData\WLInstaller
    2008-01-06 14:11 13,072 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
    2008-01-06 02:36 --------- d-----w C:\Users\Invité\AppData\Roaming\Macromedia
    2008-01-06 02:28 --------- d-----w C:\Users\Invité\AppData\Roaming\Mozilla
    2007-12-24 23:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
    2007-12-24 23:18 49,664 ----a-w C:\Windows\System32\csrsrv.dll
    2007-12-24 23:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
    2007-12-24 23:18 376,320 ----a-w C:\Windows\System32\winsrv.dll
    2007-12-24 23:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
    2007-12-24 23:17 414,208 ----a-w C:\Windows\System32\msscp.dll
    2007-12-24 23:17 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2007-12-24 23:16 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2007-12-24 23:16 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-12-24 23:16 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-12-24 23:16 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2007-12-24 23:16 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-12-24 23:16 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2007-12-24 23:16 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2007-12-24 23:16 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2007-12-24 23:16 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2007-12-24 23:15 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
    2007-12-24 23:15 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2007-12-24 23:14 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-24 23:14 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-24 23:14 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2007-12-24 23:14 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-24 23:13 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2007-12-24 23:13 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2007-12-24 23:11 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2007-12-24 23:10 5,120 ----a-w C:\Windows\System32\wmi.dll
    2007-12-24 23:10 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-24 23:10 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-24 23:10 152,576 ----a-w C:\Windows\System32\imagehlp.dll
    2007-12-24 23:09 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2007-12-24 23:09 633,856 ----a-w C:\Windows\System32\user32.dll
    2007-12-24 23:09 2,026,496 ----a-w C:\Windows\System32\win32k.sys
    2007-12-24 22:57 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2007-12-24 22:57 43,352 ----a-w C:\Windows\System32\wups2.dll
    2007-12-24 22:57 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2007-12-24 22:57 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2007-12-24 22:56 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2007-12-24 22:56 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2007-12-24 22:56 33,624 ----a-w C:\Windows\System32\wups.dll
    2007-12-24 22:56 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2007-12-24 22:56 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2007-12-06 04:14 224,824 ----a-w C:\Windows\System32\clfs.sys
    2007-12-06 04:10 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
    2007-12-06 04:09 824,832 ----a-w C:\Windows\System32\wininet.dll
    2007-12-06 04:09 595,456 ----a-w C:\Windows\System32\schedsvc.dll
    2007-12-06 04:09 558,080 ----a-w C:\Windows\System32\oleaut32.dll
    2007-12-06 04:09 23,552 ----a-w C:\Windows\System32\nshhttp.dll
    2007-12-06 04:09 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
    2007-12-06 04:09 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
    2007-12-06 04:08 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-06 04:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-06 04:08 115,200 ----a-w C:\Windows\System32\loadperf.dll
    2007-12-06 04:07 39,424 ----a-w C:\Windows\System32\lodctr.exe
    2007-12-06 04:07 35,328 ----a-w C:\Windows\System32\dispci.dll
    2007-12-06 04:07 32,256 ----a-w C:\Windows\System32\unlodctr.exe
    2007-12-06 04:07 260,096 ----a-w C:\Windows\System32\dpx.dll
    2007-12-06 04:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-06 04:07 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
    2007-12-06 04:07 12,800 ----a-w C:\Windows\System32\batt.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:58 1232896]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:01 413696]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34 1004136]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 13:50 815104]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [ ]
    "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 15:42 554640]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]

    C:\Users\Guitard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5BA79CF1-2EA2-41D8-8CB4-B0318D63BA38}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 13:12]
    S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
    S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
    S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 18:50]
    S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-02-14 18:41]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-04 18:44:07
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????"P???????L? ?L?X?L???L???

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-04 18:45:16
    .
    2008-02-29 08:46:08 --- E O F ---

    OT MOVE IT :

    File/Folder C:\Program Files\NetProject not found.
    File/Folder C:\Users\Guitard\AppData\Local\Temp\byvwu.dll not found.
    File/Folder C:\Users\Guitard\AppData\Local\Temp\ddawu.dll not found.
    File/Folder C:\Users\Guitard\AppData\Local\Temp\kavbihdu.dll not found.
    File/Folder C:\Users\Guitard\AppData\Local\Temp\dpveevwm.dll not found.
    File/Folder C:\Users\Guitard\AppData\Local\Temp\vuaaptgh.dll not found.
    File/Folder C:\Program Files\NetProject\scit.exe not found.

    OTMoveIt2 v1.0.20 log created on 03042008_184701
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt guitard est inscrit dans les rapport hijackthis et combofix, c'est normal, on nous donne l'acces aux fichiers sensibles pour te desinfécter mais on a rien sur ce qu'il y a dans tes dossier !

    ____________

    recolle hijackthis pour verifier
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sephres Messages postés 1 Statut Membre
     
    Voici le hijack. Désolé pour ces soupçons; mais j'aime bien mon intimité informatique ;-))
    Ca a l'air clean de mon coté en tout cas. no soucy

    Troisième remerciements. Tu me sors d'une belle merde.

    PS : au fait c'est ton taf ou t'es bénévole ?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:36:15, on 04/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\NetProject\scit.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=108&lt=1&it=2008-02-23%2005%3A05%3A53&dt=2008-03-02%2011%3A19%3A45&q=http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203739584.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Guitard\AppData\Local\Temp\byvwu.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Guitard\AppData\Local\Temp\ddawu.dll,c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [d8896d01] rundll32.exe "C:\Users\Guitard\AppData\Local\Temp\kavbihdu.dll",b
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Guitard\AppData\Local\Temp\dpveevwm.dll",run
    O4 - HKCU\..\Run: [BMdbba5e9d] Rundll32.exe "C:\Users\Guitard\AppData\Local\Temp\vuaaptgh.dll",s
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non c'est pas bon tu m'as recoller le rapport hiajkchtis de tous a l'heure!

    refais un nouveau et virifie l'heure inscrite!

    non c'est pas mon metier , je ne suis pas du tout dans l'informatique! c'est que j'aime ça
    0