Spyware problem

romaingicien Posts: 7 Status: Member -
g!rly Posts: 18462 Status: Contributor -
Hello everyone, I have a few problems with my laptop. For a few days I've had spyware (I think; it could be something else) that stops me from opening my documents, including "My Computer". The files on my desktop disappear and leave nothing but their names (a bit like ghost icons).
I'm on Windows Vista Basic, and the problem is that I don't have any reinstallation CD!
I ran scans with Avast and Spybot, and nothing I deleted put the PC back in working order.
I even did a system restore from a restore point, but the only one available was a week old; there was nothing older.
And I'm not very good with computers.
I've heard that I could format the PC to put it back to its original state, but what scares me is that if I format the hard drive I won't have Windows any more... what I need is to be able to put my computer back the way it was when it left the factory :) (never mind my programs, as long as I can use the computer the way it was at the start, that's fine!)
I hope you can help me, because right now I'm really desperate!
Thanks!
(sorry for the spelling mistakes; I proofread it but I'm sure some are left)
Configuration: Windows Vista
Firefox 2.0

13 replies

  1. g!rly Posts: 18462 Status: Contributor 407
     
    hello romaingicien,

    let's see what we can do...

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is finished, a report will appear. Copy/paste that report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, only for as long as ComboFix is running, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning.

    Once that's done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts scanning the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

    -> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Download HijackThis here:

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Installation tutorial: (Thanks to Balltrap34 for making this)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Usage tutorial (video): (Thanks to Balltrap34 for making this)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post the generated reports here please...

    See you
    0
  2. romaingicien Posts: 7 Status: Member
     
    ComboFix 08-03-22.3 - romain 2008-03-23 18:00:32.1 - NTFSx86
    Endroit: C:\Users\romain\Desktop\ComboFix.exe
    .
    -- Other TimeOuts --
    VFind -td "C:\Windows\system32\baiso*"
    C:\Windows\system32\conime.exe
    CF34.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    pv -d10000 * -t -l

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\romain\AppData\Local\lhykfuyts_navfx.dat
    c:\Users\romain\AppData\Local\spusltf.dat
    c:\users\romain\appdata\local\spusltf.exe
    c:\Users\romain\AppData\Local\spusltf_nav.dat
    C:\Users\romain\AppData\Local\spusltf_navps.dat
    C:\Windows\dialerexe.ini
    C:\Windows\system32\drivers\Phibtn.exe
    C:\Windows\system32\drivers\Tray900.exe
    C:\Windows\system32\tar.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 16:38 --------- d---a-w C:\ProgramData\TEMP
    2008-03-23 16:26 --------- d-----w C:\Users\romain\AppData\Roaming\Skype
    2008-03-23 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-22 21:18 --------- d-----w C:\Program Files\Spyware Doctor
    2008-03-22 19:30 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-22 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-22 18:12 --------- d-----w C:\Program Files\ToniArts
    2008-03-22 17:04 --------- d-----w C:\Users\romain\AppData\Roaming\uTorrent
    2008-03-22 16:01 --------- d-----w C:\Program Files\Windows Mail
    2008-03-21 16:49 --------- d-----w C:\Users\romain\AppData\Roaming\PC Tools
    2008-03-16 10:29 --------- d-----w C:\Program Files\Eurobarre
    2008-03-15 21:30 --------- d-----w C:\Users\romain\AppData\Roaming\OpenOffice.org2
    2008-03-09 08:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-05 22:13 --------- d-----w C:\Program Files\DivX
    2008-03-04 16:02 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-04 15:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 15:51 --------- d-----w C:\Program Files\Windows Live
    2008-03-04 15:48 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-02 20:26 --------- d-----w C:\Users\romain\AppData\Roaming\ma-config.com
    2008-03-02 18:31 85,458,946 ----a-w C:\.rer.reg
    2008-02-29 14:08 --------- d-----w C:\Users\romain\AppData\Roaming\MAGIX
    2008-02-29 14:05 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2008-02-29 14:02 --------- d-----w C:\Program Files\MAGIX
    2008-02-29 13:57 --------- d-----w C:\ProgramData\MAGIX
    2008-02-29 13:27 --------- d-----w C:\Program Files\Bodrag
    2008-02-13 13:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 13:15 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 13:15 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 13:15 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 13:15 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 13:15 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 13:15 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 13:15 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-13 13:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 13:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 13:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 13:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 13:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 13:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 13:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 13:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 13:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 13:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 13:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 12:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-01 11:55 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
    2008-01-26 16:54 --------- d-----w C:\Program Files\InternetVelocity
    2008-01-26 15:12 --------- d-----w C:\Users\romain\AppData\Roaming\TuneUp Software
    2008-01-26 11:25 --------- d-----w C:\Program Files\Whisper Technology
    2008-01-23 16:42 --------- d-----w C:\Program Files\RegCleaner
    2007-09-10 19:13 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
    2007-09-10 19:11 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-09-10 19:09 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-08-30 10:29 174 --sha-w C:\Program Files\desktop.ini
    2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-12-12 15:49 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-03-09 07:12 27,648 --sha-w C:\Windows\System32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2007-07-31 15:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
    2006-11-02 10:46 108032 --a------ C:\Windows\system32\msjava32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2007-07-31 15:33 1391640]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 15:33 1391640]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
    "InternetVelocity"="C:\PROGRA~1\INTERN~2\INTERN~1.EXE" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 20:05 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-03 11:14 1006264]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 13:58 815104]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08 20480]
    "snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 12:54 339968]
    "SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [2005-11-29 10:43 253952]
    "TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
    "MSConfig"="C:\Windows\system32\Msconfig.exe" [2006-11-02 10:45 222208]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Users^romain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    path=C:\Users\romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
    backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhiBtn]
    C:\Windows\System32\Drivers\PhiBtn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-08 20:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{EC92E223-CCDB-49F9-AEFD-965EDB30A319}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{6B5215AE-E535-4993-98B4-B414E591143A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{116CB330-39DC-4D2D-8D5E-8A41301C4AB1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{0EAC3D8E-2D9E-4D29-A635-5D573979DF02}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{4F2812E4-A869-4794-B2F7-F6965E9F16E2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{C54A81F8-D3FD-48D3-BF6E-BF4DA9A6FEC9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{30A806E7-6E88-4224-A6A0-A501052D3BF2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{8CE81986-00A6-4427-B57B-714B459D5F86}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{D5A0A9E1-ADD1-48ED-9BE4-6E7E74AFF05A}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= UDP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
    "UDP Query User{E7689B7E-B94B-4D73-B660-9439F3CC7234}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= TCP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
    "TCP Query User{33B2B71D-9D7E-49F7-BE7B-46900CFDAF26}C:\\program files\\webcamxp\\webcamxp.exe"= UDP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
    "UDP Query User{F9802BD8-8C88-46D7-B9AE-5757942D060E}C:\\program files\\webcamxp\\webcamxp.exe"= TCP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
    "TCP Query User{149E6578-53C1-4BD2-A8E4-701C56827B62}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
    "UDP Query User{04E0F83A-F83F-462F-8CF9-FA76F62A2FF7}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
    "TCP Query User{0A7FA86C-F34B-47C2-AF38-B8380CF26053}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{3830B65A-3B5D-49C0-B212-E3AEC05AD559}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{BB5C18C1-2792-4626-ABA0-1B9DEF170BFA}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
    "UDP Query User{24BB2314-B226-432E-9BF2-054319CDA762}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
    "TCP Query User{85B259C6-0A17-4806-B74C-AD6488E7C136}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
    "UDP Query User{7CCF3D48-0003-4673-9036-0C9F08AD54BE}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
    "TCP Query User{235BC9C1-1B04-4686-886C-FC4D0632B1AD}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "UDP Query User{1F1A4A73-1EA6-4BFD-8FAC-B696E9C2A39C}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "TCP Query User{A70D7D3F-5205-410C-8547-90C0A649C641}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "UDP Query User{F0877EBC-BD69-4D5B-A99C-A8C9C41C3A57}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "TCP Query User{E401702D-51E2-4FFA-8BD4-5C4600618D74}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
    "UDP Query User{3BEFA2EC-A05B-4BD8-AC1C-1B6B10DC39D6}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
    "TCP Query User{CCFE3F0B-621C-4595-9FBF-B1FBB57C8C68}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{4DB43520-071E-4DE9-A709-E30E720FD8B1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "{8D681832-DE0E-4386-869A-4F40AA4A579D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{A4779EF8-0C51-4DE0-B977-4FC6ED7F35B8}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{EF351055-C0AA-4893-A076-B15316471F6B}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-18 19:03]
    R3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {D67616C5-EA96-1367-DE26-01E83704FBDB} /qb

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-04 10:27:12 C:\Windows\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-14 16:15:10 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-03-07 16:40:27 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-03-22 19:58:52 C:\Windows\Tasks\User_Feed_Synchronization-{ACD76467-F70A-4332-9EB8-461FE63D13DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-03-23 17:01:58 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 18:09:27
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 18:12:34
    ComboFix-quarantined-files.txt 2008-03-23 17:12:27
    .
    2008-03-14 16:20:24 --- E O F ---

    So, what's the diagnosis, doctor? :)
    0
  3. g!rly Posts: 18462 Status: Contributor 407
     
    re,

    a few infected files were deleted ;-)

    C:\Users\romain\AppData\Local\lhykfuyts_navfx.dat
    c:\Users\romain\AppData\Local\spusltf.dat
    c:\users\romain\appdata\local\spusltf.exe
    c:\Users\romain\AppData\Local\spusltf_nav.dat
    C:\Users\romain\AppData\Local\spusltf_navps.dat
    C:\Windows\dialerexe.ini
    C:\Windows\system32\drivers\Phibtn.exe
    C:\Windows\system32\drivers\Tray900.exe
    C:\Windows\system32\tar.exe


    I'd also like you to post the HijackThis report, as I asked you before:

    Download HijackThis here:

    -> https://www.commentcamarche.net/telecharger/ 159 hijackthis

    Installation tutorial: (Thanks to Balltrap34 for making this)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Usage tutorial (video): (Thanks to Balltrap34 for making this)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post the generated report here please...

    and has the situation improved, even a little?

    See you
    0
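g!rly asks for the HijackThis report, which romaingicien posts next. The following Python script is an added example, not part of this thread and not HijackThis's own code, showing how a defender can triage such a report automatically instead of reading it line by line. It parses the numbered `Rn`/`On` entry lines, checks every `O17` NameServer value against a list of expected resolvers (the report posted below carries 85.255.114.197 and 85.255.112.72 in all three control sets, the classic DNS-hijack pattern: traffic keeps working, but every lookup is answered by resolvers the user never configured), lists hooks whose file is `(file missing)`, and lists `O4` Run entries that launch from user-writable locations. The sample log is constructed in the v2.0.2 format seen here; the `[updater]` Run entry, the `203.0.113.53` resolver (a documentation address) and the `TRUSTED_RESOLVERS` placeholder are assumptions for the example.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis v2.0.2 format used in this thread. The O17
# NameServer values 85.255.114.197 / 85.255.112.72 and the "(file missing)" BHO are
# taken from the report posted below; the [updater] Run entry and the CS2 line with
# the documentation address 203.0.113.53 are invented to exercise the other checks.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\System32\smss.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updater] C:\Users\romain\AppData\Local\spusltf.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 203.0.113.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
"""

# Resolvers the machine is expected to use (placeholder: put your ISP's or your
# company's resolver range here). RFC 1918 addresses such as a home router are
# accepted implicitly by the check below.
TRUSTED_RESOLVERS = ["203.0.113.0/24"]

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Path fragments (lower-cased) that mark user-writable locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every numbered HijackThis entry line (R0, O2, O17, ...)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def rogue_dns(entries: List[Tuple[str, str]], trusted: List[str]) -> List[Tuple[str, str]]:
    """O17 NameServer addresses that are neither private nor in the trusted resolver set."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    flagged = []
    for sec, body in entries:
        if sec != "O17" or "NameServer" not in body:
            continue
        key, _, value = body.partition("NameServer =")
        for token in value.replace(",", " ").split():
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an address (HijackThis also lists domain suffixes here)
            if ip.is_private or any(ip in net for net in trusted_nets):
                continue
            flagged.append((key.strip().rstrip(":"), str(ip)))
    return flagged


def missing_files(entries: List[Tuple[str, str]]) -> List[str]:
    """Hooks (BHOs, toolbars, ...) whose target no longer exists on disk: orphaned entries."""
    return [f"{sec} - {body}" for sec, body in entries if body.endswith("(file missing)")]


def autoruns_from_user_paths(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """O4 Run entries launched from AppData, Temp or the user profile; legitimate
    software mostly starts from Program Files or the Windows directory."""
    flagged = []
    for sec, body in entries:
        if sec != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:
            continue
        if any(marker in m.group("cmd").lower() for marker in USER_WRITABLE):
            flagged.append((m.group("name"), m.group("cmd")))
    return flagged


def triage(text: str, trusted: List[str]) -> Dict[str, list]:
    """Run all checks over one report and return the hits per check."""
    entries = parse_entries(text)
    return {
        "rogue_dns": rogue_dns(entries, trusted),
        "missing_files": missing_files(entries),
        "user_path_autoruns": autoruns_from_user_paths(entries),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG, TRUSTED_RESOLVERS).items():
        print(f"{check}: {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

Run it on a saved report with `triage(open("hijackthis.log").read(), ["<your ISP resolver range>"])`. The O17 check is the one worth keeping as a standing rule: a resolver change survives antivirus cleanups that only remove files, and the report below shows the same two addresses in CS1, CS2 and CCS, so a fix has to cover every control set, not just the current one.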
  4. romaingicien Posts: 7 Status: Member
     
    Oh yes, sorry.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47:43, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\CameraFixer.exe
    C:\Program Files\ONSPEED\onspeedcore.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\Windows\system32\msjava32.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\Msconfig.exe" /auto
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [InternetVelocity] C:\PROGRA~1\INTERN~2\INTERN~1.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
    O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
  6. g!rly Posts: 18462 Status: Contributor 407
     
    OK

    next:

    Copy the text below:

    File::
    C:\Windows\system32\msjava32.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]

    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will relaunch ComboFix.

    A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan has finished.

    After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

    If there is no reboot, post the reports anyway.

    then

    press the Vista key and R at the same time; in the dialog box type cmd and press Enter

    in the black window type this: ipconfig /flushdns and press Enter

    using HijackThis, check and fix the following lines:

    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72

    how to fix:

    Usage tutorial (video): (Thanks to Balltrap34 for making it)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    download Malwarebytes

    -> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

    install it; the program will update itself automatically.

    once it is up to date the program will launch. Click the Settings tab and check the box: Terminate Internet Explorer during removal.

    click the Scan tab and check the box: Perform full scan.

    then click Scan.

    let it scan the PC; at the end a report will open. Copy and paste it here, please.

    @+
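As an added example (not part of this thread and not code from HijackThis, ComboFix or any tool mentioned here): the three O17 lines above set the same NameServer pair under CS1, CS2 and CCS, that is in every control set, which is why three lines get fixed and why the DNS cache is flushed afterwards. The Python script below pulls O17 entries out of a HijackThis log, reports any resolver outside the networks the machine is supposed to use, lists which control sets carry it, and also picks up "(file missing)" entries like the Adobe BHO in the fix list. The sample log lines are constructed to mirror the ones in this thread; the expected-resolver range 192.168.0.0/16 and the per-interface GUID are assumptions.

```python
"""Flag O17 DNS hijacks and orphaned entries in a HijackThis log (added example)."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample lines in HijackThis v2 format, mirroring the entries the
# thread asks the user to fix, plus one per-interface entry pointing at a LAN
# router so the check has a legitimate value to leave alone. The GUID is made up.
SAMPLE_LOG = """\
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll (file missing)
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1F2E3D4C-5B6A-4798-8A9B-0C1D2E3F4A5B}: NameServer = 192.168.1.1
"""

# Assumption: resolvers this laptop is expected to use (here, the home LAN).
# Replace with the ISP's resolvers or the corporate DNS range when known.
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.0.0/16")]

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>.+)$")
CONTROL_SET_RE = re.compile(r"HKLM\\System\\(CS\d+|CCS)\\")


def find_rogue_nameservers(log: str, expected=EXPECTED_RESOLVERS) -> Dict[str, List[str]]:
    """Map each O17 registry key to the NameServer addresses that fall outside
    the expected networks. Tokens that are not IP addresses at all are reported too."""
    rogue: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        unexpected = []
        # Windows accepts space- or comma-separated NameServer lists.
        for token in m.group("servers").replace(",", " ").split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                unexpected.append(token)
                continue
            if not any(addr in net for net in expected):
                unexpected.append(token)
        if unexpected:
            rogue[m.group("key")] = unexpected
    return rogue


def control_sets_affected(rogue: Dict[str, List[str]]) -> List[str]:
    """Control sets (CS1, CS2, CCS) carrying a rogue NameServer. When every one
    of them does, booting Last Known Good Configuration will not bring back the
    correct DNS settings, so the value has to be removed from each key."""
    found = set()
    for key in rogue:
        m = CONTROL_SET_RE.search(key)
        if m:
            found.add(m.group(1))
    return sorted(found)


def find_missing_file_entries(log: str) -> List[str]:
    """O2/O4/O9 entries whose target file no longer exists. They load nothing,
    but they are leftovers and are normally fixed as cleanup."""
    return [
        line.strip()
        for line in log.splitlines()
        if re.match(r"^O[249] - ", line.strip()) and line.strip().endswith("(file missing)")
    ]


if __name__ == "__main__":
    hits = find_rogue_nameservers(SAMPLE_LOG)
    for key, servers in hits.items():
        print(f"[O17] {key}: unexpected NameServer {' '.join(servers)}")
    print("control sets affected:", ", ".join(control_sets_affected(hits)))
    for entry in find_missing_file_entries(SAMPLE_LOG):
        print("[orphan]", entry)
```

Run it as-is to see the three O17 hits and the orphaned BHO; to check a real log, read the file and pass its text to find_rogue_nameservers(), with EXPECTED_RESOLVERS set to what the router or ISP actually hands out. The check works on the HijackThis text only, so it tells you what to fix in which control set, not whether the registry has already been cleaned.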
  7. romaingicien Posts: 7 Status: Member
     
    ComboFix report:

    ComboFix 08-03-22.3 - romain 2008-03-23 19:42:03.2 - NTFSx86
    Location: C:\Users\romain\Desktop\ComboFix.exe
    Command switches used :: C:\Users\romain\Desktop\CFScript.txt

    FILE ::
    C:\Windows\system32\msjava32.dll
    .
    -- Other TimeOuts --
    VFind -td "C:\Windows\system32\baiso*"
    C:\Windows\system32\conime.exe
    CF21335.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
    VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
    CF21335.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    pv -d10000 * -t -l

    \SystemRoot\System32\smss.exe
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
    "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe {28C54596-0B81-4E92-A3BB-F6E489F839AC}
    C:\Windows\system32\sdclt.exe /DETECTFAILURE
    taskeng.exe {3D200551-2EC0-4A22-9244-0F73CDBF9E54}
    taskeng.exe {F73E3CC5-1B82-4317-ABA4-9BDE183FB5D9}
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    "C:\Windows\system32\Dwm.exe"
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\Ati2evxx.exe
    Ati2evxx.exe -Client
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe
    "Taskmgr.exe"
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "C:\Windows\CameraFixer.exe"
    "C:\Program Files\ONSPEED\onspeedcore.exe"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    MTEE /+ d-delA.dat
    VFind -tf "C:\ProgramData.\microsoft\iehelper*"
    C:\Windows\system32\conime.exe
    CF21335.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
    VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
    CF21335.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    pv -d10000 * -t -l

    \SystemRoot\System32\smss.exe
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    "C:\Windows\system32\SearchFilterHost.exe" 0 624 628 636 65536 632
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
    "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe {28C54596-0B81-4E92-A3BB-F6E489F839AC}
    C:\Windows\system32\sdclt.exe /DETECTFAILURE
    taskeng.exe {3D200551-2EC0-4A22-9244-0F73CDBF9E54}
    taskeng.exe {F73E3CC5-1B82-4317-ABA4-9BDE183FB5D9}
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    "C:\Windows\system32\Dwm.exe"
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\Ati2evxx.exe
    Ati2evxx.exe -Client
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe
    "Taskmgr.exe"
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "C:\Windows\CameraFixer.exe"
    "C:\Program Files\ONSPEED\onspeedcore.exe"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
    GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
    VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
    C:\Windows\system32\conime.exe
    CF21335.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    pv -d20000 * -t -l

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\msjava32.dll

    .
    ((((((((((((((((((((((((((((( Files created 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    No new files created in this time span

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 18:53 --------- d-----w C:\Users\romain\AppData\Roaming\Skype
    2008-03-23 17:46 --------- d-----w C:\Program Files\Trend Micro
    2008-03-23 16:38 --------- d---a-w C:\ProgramData\TEMP
    2008-03-23 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-22 21:18 --------- d-----w C:\Program Files\Spyware Doctor
    2008-03-22 19:30 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-22 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-22 18:12 --------- d-----w C:\Program Files\ToniArts
    2008-03-22 17:04 --------- d-----w C:\Users\romain\AppData\Roaming\uTorrent
    2008-03-22 16:01 --------- d-----w C:\Program Files\Windows Mail
    2008-03-21 16:49 --------- d-----w C:\Users\romain\AppData\Roaming\PC Tools
    2008-03-16 10:29 --------- d-----w C:\Program Files\Eurobarre
    2008-03-15 21:30 --------- d-----w C:\Users\romain\AppData\Roaming\OpenOffice.org2
    2008-03-09 08:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-05 22:13 --------- d-----w C:\Program Files\DivX
    2008-03-04 16:02 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-04 15:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 15:51 --------- d-----w C:\Program Files\Windows Live
    2008-03-04 15:48 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-02 20:26 --------- d-----w C:\Users\romain\AppData\Roaming\ma-config.com
    2008-03-02 18:31 85,458,946 ----a-w C:\.rer.reg
    2008-02-29 14:08 --------- d-----w C:\Users\romain\AppData\Roaming\MAGIX
    2008-02-29 14:05 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2008-02-29 14:02 --------- d-----w C:\Program Files\MAGIX
    2008-02-29 13:57 --------- d-----w C:\ProgramData\MAGIX
    2008-02-29 13:27 --------- d-----w C:\Program Files\Bodrag
    2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-02-13 13:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-13 13:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 13:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 13:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 13:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-13 13:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 13:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 13:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 13:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 13:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 13:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-13 13:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-13 13:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 13:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-13 13:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 13:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 13:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 13:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 13:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 13:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-13 12:57 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-13 12:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 12:56 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 12:56 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-01 11:55 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
    2008-01-26 16:54 --------- d-----w C:\Program Files\InternetVelocity
    2008-01-26 15:12 --------- d-----w C:\Users\romain\AppData\Roaming\TuneUp Software
    2008-01-26 11:25 --------- d-----w C:\Program Files\Whisper Technology
    2008-01-23 16:42 --------- d-----w C:\Program Files\RegCleaner
    2008-01-10 06:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-12-30 16:24 90,112 ----a-w C:\Windows\System32\stacsv.exe
    2007-12-30 16:24 535,552 ----a-w C:\Windows\System32\stapo.dll
    2007-12-30 16:24 197,632 ----a-w C:\Windows\System32\stcplx.dll
    2007-12-30 16:24 1,458,176 ----a-w C:\Windows\System32\stlang.dll
    2007-09-10 19:13 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
    2007-09-10 19:11 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-09-10 19:09 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-08-30 10:29 174 --sha-w C:\Program Files\desktop.ini
    2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-12-12 15:49 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-03-09 07:12 27,648 --sha-w C:\Windows\System32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2007-07-31 15:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2007-07-31 15:33 1391640]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 15:33 1391640]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
    "InternetVelocity"="C:\PROGRA~1\INTERN~2\INTERN~1.EXE" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 20:05 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-03 11:14 1006264]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 13:58 815104]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08 20480]
    "snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 12:54 339968]
    "SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [2005-11-29 10:43 253952]
    "TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
    "MSConfig"="C:\Windows\system32\Msconfig.exe" [2006-11-02 10:45 222208]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Users^romain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    path=C:\Users\romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
    backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhiBtn]
    C:\Windows\System32\Drivers\PhiBtn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-08 20:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{EC92E223-CCDB-49F9-AEFD-965EDB30A319}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{6B5215AE-E535-4993-98B4-B414E591143A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{116CB330-39DC-4D2D-8D5E-8A41301C4AB1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{0EAC3D8E-2D9E-4D29-A635-5D573979DF02}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{4F2812E4-A869-4794-B2F7-F6965E9F16E2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{C54A81F8-D3FD-48D3-BF6E-BF4DA9A6FEC9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{30A806E7-6E88-4224-A6A0-A501052D3BF2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{8CE81986-00A6-4427-B57B-714B459D5F86}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{D5A0A9E1-ADD1-48ED-9BE4-6E7E74AFF05A}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= UDP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
    "UDP Query User{E7689B7E-B94B-4D73-B660-9439F3CC7234}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= TCP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
    "TCP Query User{33B2B71D-9D7E-49F7-BE7B-46900CFDAF26}C:\\program files\\webcamxp\\webcamxp.exe"= UDP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
    "UDP Query User{F9802BD8-8C88-46D7-B9AE-5757942D060E}C:\\program files\\webcamxp\\webcamxp.exe"= TCP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
    "TCP Query User{149E6578-53C1-4BD2-A8E4-701C56827B62}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
    "UDP Query User{04E0F83A-F83F-462F-8CF9-FA76F62A2FF7}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
    "TCP Query User{0A7FA86C-F34B-47C2-AF38-B8380CF26053}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{3830B65A-3B5D-49C0-B212-E3AEC05AD559}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{BB5C18C1-2792-4626-ABA0-1B9DEF170BFA}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
    "UDP Query User{24BB2314-B226-432E-9BF2-054319CDA762}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
    "TCP Query User{85B259C6-0A17-4806-B74C-AD6488E7C136}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
    "UDP Query User{7CCF3D48-0003-4673-9036-0C9F08AD54BE}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
    "TCP Query User{235BC9C1-1B04-4686-886C-FC4D0632B1AD}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "UDP Query User{1F1A4A73-1EA6-4BFD-8FAC-B696E9C2A39C}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "TCP Query User{A70D7D3F-5205-410C-8547-90C0A649C641}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "UDP Query User{F0877EBC-BD69-4D5B-A99C-A8C9C41C3A57}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "TCP Query User{E401702D-51E2-4FFA-8BD4-5C4600618D74}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
    "UDP Query User{3BEFA2EC-A05B-4BD8-AC1C-1B6B10DC39D6}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
    "TCP Query User{CCFE3F0B-621C-4595-9FBF-B1FBB57C8C68}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{4DB43520-071E-4DE9-A709-E30E720FD8B1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "{8D681832-DE0E-4386-869A-4F40AA4A579D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{A4779EF8-0C51-4DE0-B977-4FC6ED7F35B8}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{EF351055-C0AA-4893-A076-B15316471F6B}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-18 19:03]
    R3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {D67616C5-EA96-1367-DE26-01E83704FBDB} /qb

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-04 10:27:12 C:\Windows\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-14 16:15:10 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-03-07 16:40:27 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-03-22 19:58:52 C:\Windows\Tasks\User_Feed_Synchronization-{ACD76467-F70A-4332-9EB8-461FE63D13DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-03-23 18:01:45 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 19:54:16
    Windows 6.0.6000 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 19:57:38
    ComboFix-quarantined-files.txt 2008-03-23 18:57:28
    ComboFix2.txt 2008-03-23 17:12:35
    .
    2008-03-14 16:20:24 --- E O F ---

    HijackThis report (this one was done just before I fixed:
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72 ) :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:03:54, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\CameraFixer.exe
    C:\Program Files\ONSPEED\onspeedcore.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\servicing\TrustedInstaller.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\Msconfig.exe" /auto
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [InternetVelocity] C:\PROGRA~1\INTERN~2\INTERN~1.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
    O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    0
  8. g!rly Posts: 18462 Status: Contributor 407
     
    Hi again,

    Please post a new HijackThis log.

    Later
    0
  9. romaingicien Posts: 7 Status: Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:03:54, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\CameraFixer.exe
    C:\Program Files\ONSPEED\onspeedcore.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\servicing\TrustedInstaller.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\Msconfig.exe" /auto
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [InternetVelocity] C:\PROGRA~1\INTERN~2\INTERN~1.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
    O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    0
  10. g!rly Posts: 18462 Status: Contributor 407
     
    Hi again,

    Yes, please post the Malwarebytes report.

    Later
    0
  11. romaingicien Posts: 7 Status: Member
     
    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 526

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 111301
    Temps écoulé: 1 hour(s), 33 minute(s), 8 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  12. g!rly Posts: 18462 Status: Contributor 407
     
    Hi again,

    Install this firewall: ZoneAlarm:

    https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html

    https://www.zonealarm.com/software/free-firewall

    https://www.malekal.com/tutoriel-zonealarm-firewall/

    then

    do this again:

    press the Vista key and R at the same time; in the dialog box type > cmd and confirm

    in the black window type this: ipconfig /flushdns and confirm with Enter

    using HijackThis, check and fix the following lines:

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72

    and

    have a look at this regarding Avast:

    AntiVir vs Avast:

    -> http://forum.malekal.com/ftopic3528.php

    so I advise you to uninstall it and install AntiVir instead

    Download and install the AntiVir Personal Edition Classic antivirus:

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5
    <- scanner configuration tutorial...

    Once AntiVir is open, click on Configuration and check the "expert mode" box, then in the Scanner tab, in the window below you will see: rootkit search; click on the small + to expand it and check the box next to your hard disk.
    Then click on Configuration at the top right; in the new window, on the left > Scanner > check "scan all files" and below > scanner priority = High.
    Check: allow stopping the scanner, so that you can pause during the scan if you wish.
    Then on the right, check the following boxes:
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search for rootkit before scan
    Uncheck:
    ignore off line files
    Still on the left > scan > expand > heuristics > macrovirus heuristic = checked, and below > win32 heuristic box checked and high detection level

    I'm telling you all this because I'd like you to perform a full scan of your machine with AntiVir using the settings stated above and post the generated report here please

    Later
    0
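The O17 fix above removes a NameServer override from each of the three control sets (CS1, CS2 and CCS). As an added example that is not from the thread or from the tools it names, the Python below pulls the O17 entries out of a HijackThis log and flags resolvers that are neither on the local network nor on a caller-supplied trusted list; the sample lines are the ones from the log posted above plus one constructed benign entry with a placeholder interface GUID.

```python
import ipaddress
import re
from typing import Dict, FrozenSet, List, Tuple

# Constructed sample for this example. The first four lines are copied from the
# HijackThis log posted in the thread; the last one is a made-up, benign
# interface-specific entry (placeholder GUID) so the checker has a good case too.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{PLACEHOLDER-INTERFACE-GUID}: NameServer = 192.168.1.1
"""

# HijackThis abbreviates the registry path: CS1/CS2 = ControlSet001/002,
# CCS = CurrentControlSet (normally a pointer to one of the numbered sets).
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cs>CS\d+|CCS)\\[^:]+): NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (control_set, registry_key, [resolver, ...]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        # NameServer is a REG_SZ; Windows accepts space- or comma-separated lists.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers").strip()) if s]
        entries.append((match.group("cs"), match.group("key"), servers))
    return entries


def is_expected_resolver(server: str, trusted: FrozenSet[str]) -> bool:
    """A resolver is expected if it is on the local network or explicitly trusted."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False  # not an IP literal at all: treat as unexpected
    return ip.is_private or ip.is_loopback or ip.is_link_local or str(ip) in trusted


def find_hijacked_nameservers(
    log_text: str, trusted: FrozenSet[str] = frozenset()
) -> Dict[str, List[str]]:
    """Map each control set to the unexpected resolvers its Tcpip parameters point at.

    A non-empty result for CS1 or CS2 means a copy of the setting would survive
    a fix applied only to CurrentControlSet, which is why all three O17 lines
    in the thread are fixed together (and the DNS cache flushed afterwards).
    """
    findings: Dict[str, List[str]] = {}
    for control_set, _key, servers in parse_o17(log_text):
        for server in servers:
            if is_expected_resolver(server, trusted):
                continue
            bucket = findings.setdefault(control_set, [])
            if server not in bucket:
                bucket.append(server)
    return findings


if __name__ == "__main__":
    result = find_hijacked_nameservers(SAMPLE_LOG)
    if not result:
        print("no unexpected resolvers in O17 entries")
    for control_set, servers in result.items():
        print(f"{control_set}: unexpected resolvers {', '.join(servers)}")
```

Pass the resolvers your ISP or router actually hands out as `trusted` so a legitimate public DNS server is not reported.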
  13. romaingicien Posts: 7 Status: Member
     
    Hello again, the problem having got worse, I could no longer connect to the internet :s
    Instead, I created a new user account and deleted the old one that was infected!
    And thanks again for your help g!rly!!!
    ++
    0
  14. g!rly Posts: 18462 Status: Contributor 407
     
    romaingicien,

    well...

    can you post a new HijackThis report please

    Later
    0