Sujet Précédent Sujet Suivant

Probleme de Spyware

romaingicien Messages postés 7 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour, a tous et a toutes, j'ai quelques soucis avec mon ordinateur portable. Depuis quelques jour, j'ai un spyware ( je pense, sa peut être autre chose ) qui fait que je ne peut plus entrer dans mes document, y compris "poste de travail". Les fichier de mon bureau disparaisse et le laisse plus que leur nom ( un peu comme des icônes fantômes ).
Je suis sous windows vista basic, et le problème est que je n'ai aucun cd de réinstallation !
J'ai fait une analyse avec, avast et spybot et rien de tous ce que j'ai supprimé a remis le pc en état.
J'aime même fait une restauration a partir d'un point, le problème est que celui ci datait d'une semaine, et il n'y avait pas plus ancien.
Et je ne suis pas très doué en Informatique.
J'ai entendu dire que je pouvais formater le pc pour le remettre a son état d'origine, mais ce qui me fait peur c'est que si je formate le disque dur, je n'aurai plus windows... ce qu'il me faudrai c'est que je puisse mettre mon ordinateur comme à sa sortie d'usine :) ( tant pis pour mes programme, tant que je peu réutiliser l'ordinateur comme il était au début c'est bon !
J'espère que vous pourrez m'aider car la je suis vraiment désespéré !
Merci !
( désolé pour les fautes d'orthographes je me suis relus mais je suis sur qu'il en reste )
A voir également:

13 réponses

Réponse 1 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
bonjour romaingicien,

on va voire ce que l´on peut faire...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post les rapports générés ici stp...

@+
0
Réponse 2 / 13
romaingicien Messages postés 7 Statut Membre
 
ComboFix 08-03-22.3 - romain 2008-03-23 18:00:32.1 - NTFSx86
Endroit: C:\Users\romain\Desktop\ComboFix.exe
.
-- Other TimeOuts --
VFind -td "C:\Windows\system32\baiso*"
C:\Windows\system32\conime.exe
CF34.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\romain\AppData\Local\lhykfuyts_navfx.dat
c:\Users\romain\AppData\Local\spusltf.dat
c:\users\romain\appdata\local\spusltf.exe
c:\Users\romain\AppData\Local\spusltf_nav.dat
C:\Users\romain\AppData\Local\spusltf_navps.dat
C:\Windows\dialerexe.ini
C:\Windows\system32\drivers\Phibtn.exe
C:\Windows\system32\drivers\Tray900.exe
C:\Windows\system32\tar.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 16:38 --------- d---a-w C:\ProgramData\TEMP
2008-03-23 16:26 --------- d-----w C:\Users\romain\AppData\Roaming\Skype
2008-03-23 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-22 21:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-22 19:30 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-22 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 18:12 --------- d-----w C:\Program Files\ToniArts
2008-03-22 17:04 --------- d-----w C:\Users\romain\AppData\Roaming\uTorrent
2008-03-22 16:01 --------- d-----w C:\Program Files\Windows Mail
2008-03-21 16:49 --------- d-----w C:\Users\romain\AppData\Roaming\PC Tools
2008-03-16 10:29 --------- d-----w C:\Program Files\Eurobarre
2008-03-15 21:30 --------- d-----w C:\Users\romain\AppData\Roaming\OpenOffice.org2
2008-03-09 08:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-05 22:13 --------- d-----w C:\Program Files\DivX
2008-03-04 16:02 --------- d-----w C:\Program Files\MSN Messenger
2008-03-04 15:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 15:51 --------- d-----w C:\Program Files\Windows Live
2008-03-04 15:48 --------- d-----w C:\ProgramData\WLInstaller
2008-03-02 20:26 --------- d-----w C:\Users\romain\AppData\Roaming\ma-config.com
2008-03-02 18:31 85,458,946 ----a-w C:\.rer.reg
2008-02-29 14:08 --------- d-----w C:\Users\romain\AppData\Roaming\MAGIX
2008-02-29 14:05 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-02-29 14:02 --------- d-----w C:\Program Files\MAGIX
2008-02-29 13:57 --------- d-----w C:\ProgramData\MAGIX
2008-02-29 13:27 --------- d-----w C:\Program Files\Bodrag
2008-02-13 13:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 13:15 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 13:15 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 13:15 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 13:15 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 13:15 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 13:15 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 13:15 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 13:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 13:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 13:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 13:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 13:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 13:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 13:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 13:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 13:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 13:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 13:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 12:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-01 11:55 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
2008-01-26 16:54 --------- d-----w C:\Program Files\InternetVelocity
2008-01-26 15:12 --------- d-----w C:\Users\romain\AppData\Roaming\TuneUp Software
2008-01-26 11:25 --------- d-----w C:\Program Files\Whisper Technology
2008-01-23 16:42 --------- d-----w C:\Program Files\RegCleaner
2007-09-10 19:13 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-09-10 19:11 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-09-10 19:09 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-08-30 10:29 174 --sha-w C:\Program Files\desktop.ini
2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-12 15:49 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-03-09 07:12 27,648 --sha-w C:\Windows\System32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 15:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
2006-11-02 10:46 108032 --a------ C:\Windows\system32\msjava32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2007-07-31 15:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 15:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"InternetVelocity"="C:\PROGRA~1\INTERN~2\INTERN~1.EXE" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 20:05 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-03 11:14 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 13:58 815104]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08 20480]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 12:54 339968]
"SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [2005-11-29 10:43 253952]
"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
"MSConfig"="C:\Windows\system32\Msconfig.exe" [2006-11-02 10:45 222208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Users^romain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhiBtn]
C:\Windows\System32\Drivers\PhiBtn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-08 20:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EC92E223-CCDB-49F9-AEFD-965EDB30A319}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6B5215AE-E535-4993-98B4-B414E591143A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{116CB330-39DC-4D2D-8D5E-8A41301C4AB1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0EAC3D8E-2D9E-4D29-A635-5D573979DF02}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4F2812E4-A869-4794-B2F7-F6965E9F16E2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{C54A81F8-D3FD-48D3-BF6E-BF4DA9A6FEC9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{30A806E7-6E88-4224-A6A0-A501052D3BF2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8CE81986-00A6-4427-B57B-714B459D5F86}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D5A0A9E1-ADD1-48ED-9BE4-6E7E74AFF05A}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= UDP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
"UDP Query User{E7689B7E-B94B-4D73-B660-9439F3CC7234}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= TCP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
"TCP Query User{33B2B71D-9D7E-49F7-BE7B-46900CFDAF26}C:\\program files\\webcamxp\\webcamxp.exe"= UDP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
"UDP Query User{F9802BD8-8C88-46D7-B9AE-5757942D060E}C:\\program files\\webcamxp\\webcamxp.exe"= TCP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
"TCP Query User{149E6578-53C1-4BD2-A8E4-701C56827B62}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{04E0F83A-F83F-462F-8CF9-FA76F62A2FF7}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{0A7FA86C-F34B-47C2-AF38-B8380CF26053}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3830B65A-3B5D-49C0-B212-E3AEC05AD559}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{BB5C18C1-2792-4626-ABA0-1B9DEF170BFA}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
"UDP Query User{24BB2314-B226-432E-9BF2-054319CDA762}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
"TCP Query User{85B259C6-0A17-4806-B74C-AD6488E7C136}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
"UDP Query User{7CCF3D48-0003-4673-9036-0C9F08AD54BE}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
"TCP Query User{235BC9C1-1B04-4686-886C-FC4D0632B1AD}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{1F1A4A73-1EA6-4BFD-8FAC-B696E9C2A39C}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{A70D7D3F-5205-410C-8547-90C0A649C641}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{F0877EBC-BD69-4D5B-A99C-A8C9C41C3A57}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{E401702D-51E2-4FFA-8BD4-5C4600618D74}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{3BEFA2EC-A05B-4BD8-AC1C-1B6B10DC39D6}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{CCFE3F0B-621C-4595-9FBF-B1FBB57C8C68}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4DB43520-071E-4DE9-A709-E30E720FD8B1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{8D681832-DE0E-4386-869A-4F40AA4A579D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A4779EF8-0C51-4DE0-B977-4FC6ED7F35B8}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{EF351055-C0AA-4893-A076-B15316471F6B}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-18 19:03]
R3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {D67616C5-EA96-1367-DE26-01E83704FBDB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-04 10:27:12 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 16:15:10 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-07 16:40:27 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-03-22 19:58:52 C:\Windows\Tasks\User_Feed_Synchronization-{ACD76467-F70A-4332-9EB8-461FE63D13DA}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-03-23 17:01:58 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 18:09:27
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 18:12:34
ComboFix-quarantined-files.txt 2008-03-23 17:12:27
.
2008-03-14 16:20:24 --- E O F ---

Alors diagnostique docteur :)
0
Réponse 3 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
re,

il y a quelques fichiers infectés qui ont ete supprimés ;-)

C:\Users\romain\AppData\Local\lhykfuyts_navfx.dat
c:\Users\romain\AppData\Local\spusltf.dat
c:\users\romain\appdata\local\spusltf.exe
c:\Users\romain\AppData\Local\spusltf_nav.dat
C:\Users\romain\AppData\Local\spusltf_navps.dat
C:\Windows\dialerexe.ini
C:\Windows\system32\drivers\Phibtn.exe
C:\Windows\system32\drivers\Tray900.exe
C:\Windows\system32\tar.exe

j´aimerais que tu post également le rapport hijack this comme je te l´avais demandé :

Télécharge HijackThis ici :

-> https://www.commentcamarche.net/telecharger/ 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

et ce que la situation; a, ne serait-c´qu´un peu evoluée positivement ?

@+
0
Réponse 4 / 13
romaingicien Messages postés 7 Statut Membre
 
Ha oui pardon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:43, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\CameraFixer.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\Windows\system32\msjava32.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\Msconfig.exe" /auto
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [InternetVelocity] C:\PROGRA~1\INTERN~2\INTERN~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
ok

la suite :

Copie le texte ci-dessous :

File::
C:\Windows\system32\msjava32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

puis

appuie sur la touche vista et sur r simulatanement dans la boite de dialogue tape > cmd et valide

dans la fenetre noir tape ceci : ipconfig /flushdns et valide par entree

a l´aide de hijack this coche et fix les lignes suivantes :

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

telecharge malwarebytes

-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

tu l´instales, le programme va se mettre a jour automatiquement.

une fois a jour le programme va se lancer, clcik sur l´onglet parametre, tu coche la case : Arreter internet explorer pendant la suppression.

click sur l´onglet recherche maintenant et coche la case : executer un examun complet.

puis click sur rechercher.

laisses le scanner le pc, a la fin un rapport va s´ouvrir copie et colle le ici stp

@+
0
Réponse 6 / 13
romaingicien Messages postés 7 Statut Membre
 
Rapport pour combofix:

ComboFix 08-03-22.3 - romain 2008-03-23 19:42:03.2 - NTFSx86
Endroit: C:\Users\romain\Desktop\ComboFix.exe
Command switches used :: C:\Users\romain\Desktop\CFScript.txt

FILE ::
C:\Windows\system32\msjava32.dll
.
-- Other TimeOuts --
VFind -td "C:\Windows\system32\baiso*"
C:\Windows\system32\conime.exe
CF21335.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
CF21335.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"
"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {28C54596-0B81-4E92-A3BB-F6E489F839AC}
C:\Windows\system32\sdclt.exe /DETECTFAILURE
taskeng.exe {3D200551-2EC0-4A22-9244-0F73CDBF9E54}
taskeng.exe {F73E3CC5-1B82-4317-ABA4-9BDE183FB5D9}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
Ati2evxx.exe -Client
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"Taskmgr.exe"
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Windows\CameraFixer.exe"
"C:\Program Files\ONSPEED\onspeedcore.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files\Mozilla Firefox\firefox.exe"
MTEE /+ d-delA.dat
VFind -tf "C:\ProgramData.\microsoft\iehelper*"
C:\Windows\system32\conime.exe
CF21335.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
CF21335.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchFilterHost.exe" 0 624 628 636 65536 632
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"
"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {28C54596-0B81-4E92-A3BB-F6E489F839AC}
C:\Windows\system32\sdclt.exe /DETECTFAILURE
taskeng.exe {3D200551-2EC0-4A22-9244-0F73CDBF9E54}
taskeng.exe {F73E3CC5-1B82-4317-ABA4-9BDE183FB5D9}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
Ati2evxx.exe -Client
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"Taskmgr.exe"
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Windows\CameraFixer.exe"
"C:\Program Files\ONSPEED\onspeedcore.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files\Mozilla Firefox\firefox.exe"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
C:\Windows\system32\conime.exe
CF21335.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d20000 * -t -l

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\msjava32.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 18:53 --------- d-----w C:\Users\romain\AppData\Roaming\Skype
2008-03-23 17:46 --------- d-----w C:\Program Files\Trend Micro
2008-03-23 16:38 --------- d---a-w C:\ProgramData\TEMP
2008-03-23 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-22 21:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-22 19:30 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-22 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 18:12 --------- d-----w C:\Program Files\ToniArts
2008-03-22 17:04 --------- d-----w C:\Users\romain\AppData\Roaming\uTorrent
2008-03-22 16:01 --------- d-----w C:\Program Files\Windows Mail
2008-03-21 16:49 --------- d-----w C:\Users\romain\AppData\Roaming\PC Tools
2008-03-16 10:29 --------- d-----w C:\Program Files\Eurobarre
2008-03-15 21:30 --------- d-----w C:\Users\romain\AppData\Roaming\OpenOffice.org2
2008-03-09 08:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-05 22:13 --------- d-----w C:\Program Files\DivX
2008-03-04 16:02 --------- d-----w C:\Program Files\MSN Messenger
2008-03-04 15:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 15:51 --------- d-----w C:\Program Files\Windows Live
2008-03-04 15:48 --------- d-----w C:\ProgramData\WLInstaller
2008-03-02 20:26 --------- d-----w C:\Users\romain\AppData\Roaming\ma-config.com
2008-03-02 18:31 85,458,946 ----a-w C:\.rer.reg
2008-02-29 14:08 --------- d-----w C:\Users\romain\AppData\Roaming\MAGIX
2008-02-29 14:05 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-02-29 14:02 --------- d-----w C:\Program Files\MAGIX
2008-02-29 13:57 --------- d-----w C:\ProgramData\MAGIX
2008-02-29 13:27 --------- d-----w C:\Program Files\Bodrag
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-13 13:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 13:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 13:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 13:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 13:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 13:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 13:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 13:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 13:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 13:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 13:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 13:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 13:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 13:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 13:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 13:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 13:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 13:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 13:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 13:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 12:57 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 12:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 12:56 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 12:56 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-01 11:55 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
2008-01-26 16:54 --------- d-----w C:\Program Files\InternetVelocity
2008-01-26 15:12 --------- d-----w C:\Users\romain\AppData\Roaming\TuneUp Software
2008-01-26 11:25 --------- d-----w C:\Program Files\Whisper Technology
2008-01-23 16:42 --------- d-----w C:\Program Files\RegCleaner
2008-01-10 06:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-30 16:24 90,112 ----a-w C:\Windows\System32\stacsv.exe
2007-12-30 16:24 535,552 ----a-w C:\Windows\System32\stapo.dll
2007-12-30 16:24 197,632 ----a-w C:\Windows\System32\stcplx.dll
2007-12-30 16:24 1,458,176 ----a-w C:\Windows\System32\stlang.dll
2007-09-10 19:13 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-09-10 19:11 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-09-10 19:09 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-08-30 10:29 174 --sha-w C:\Program Files\desktop.ini
2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-12 15:49 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-12 15:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-03-09 07:12 27,648 --sha-w C:\Windows\System32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 15:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2007-07-31 15:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 15:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"InternetVelocity"="C:\PROGRA~1\INTERN~2\INTERN~1.EXE" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 20:05 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-03 11:14 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 13:58 815104]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08 20480]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 12:54 339968]
"SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [2005-11-29 10:43 253952]
"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
"MSConfig"="C:\Windows\system32\Msconfig.exe" [2006-11-02 10:45 222208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Users^romain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhiBtn]
C:\Windows\System32\Drivers\PhiBtn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-08 20:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EC92E223-CCDB-49F9-AEFD-965EDB30A319}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6B5215AE-E535-4993-98B4-B414E591143A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{116CB330-39DC-4D2D-8D5E-8A41301C4AB1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0EAC3D8E-2D9E-4D29-A635-5D573979DF02}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4F2812E4-A869-4794-B2F7-F6965E9F16E2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{C54A81F8-D3FD-48D3-BF6E-BF4DA9A6FEC9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{30A806E7-6E88-4224-A6A0-A501052D3BF2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8CE81986-00A6-4427-B57B-714B459D5F86}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D5A0A9E1-ADD1-48ED-9BE4-6E7E74AFF05A}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= UDP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
"UDP Query User{E7689B7E-B94B-4D73-B660-9439F3CC7234}C:\\users\\romain\\documents\\emulev0.48a.-morphxtv10.1-bin[1]\\emule\\emule.exe"= TCP:C:\users\romain\documents\emulev0.48a.-morphxtv10.1-bin[1]\emule\emule.exe:emule.exe
"TCP Query User{33B2B71D-9D7E-49F7-BE7B-46900CFDAF26}C:\\program files\\webcamxp\\webcamxp.exe"= UDP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
"UDP Query User{F9802BD8-8C88-46D7-B9AE-5757942D060E}C:\\program files\\webcamxp\\webcamxp.exe"= TCP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2007
"TCP Query User{149E6578-53C1-4BD2-A8E4-701C56827B62}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{04E0F83A-F83F-462F-8CF9-FA76F62A2FF7}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{0A7FA86C-F34B-47C2-AF38-B8380CF26053}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3830B65A-3B5D-49C0-B212-E3AEC05AD559}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{BB5C18C1-2792-4626-ABA0-1B9DEF170BFA}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
"UDP Query User{24BB2314-B226-432E-9BF2-054319CDA762}C:\\users\\romain\\desktop\\cl08secu13\\routerrecorder.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerrecorder.exe:routerrecorder.exe
"TCP Query User{85B259C6-0A17-4806-B74C-AD6488E7C136}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= UDP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
"UDP Query User{7CCF3D48-0003-4673-9036-0C9F08AD54BE}C:\\users\\romain\\desktop\\cl08secu13\\routerclient.exe"= TCP:C:\users\romain\desktop\cl08secu13\routerclient.exe:routerclient.exe
"TCP Query User{235BC9C1-1B04-4686-886C-FC4D0632B1AD}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{1F1A4A73-1EA6-4BFD-8FAC-B696E9C2A39C}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{A70D7D3F-5205-410C-8547-90C0A649C641}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{F0877EBC-BD69-4D5B-A99C-A8C9C41C3A57}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{E401702D-51E2-4FFA-8BD4-5C4600618D74}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{3BEFA2EC-A05B-4BD8-AC1C-1B6B10DC39D6}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{CCFE3F0B-621C-4595-9FBF-B1FBB57C8C68}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4DB43520-071E-4DE9-A709-E30E720FD8B1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{8D681832-DE0E-4386-869A-4F40AA4A579D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A4779EF8-0C51-4DE0-B977-4FC6ED7F35B8}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{EF351055-C0AA-4893-A076-B15316471F6B}C:\\users\\romain\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\romain\program files\utorrent\utorrent.exe:utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-18 19:03]
R3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {D67616C5-EA96-1367-DE26-01E83704FBDB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-04 10:27:12 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 16:15:10 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-07 16:40:27 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-03-22 19:58:52 C:\Windows\Tasks\User_Feed_Synchronization-{ACD76467-F70A-4332-9EB8-461FE63D13DA}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-03-23 18:01:45 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 19:54:16
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 19:57:38
ComboFix-quarantined-files.txt 2008-03-23 18:57:28
ComboFix2.txt 2008-03-23 17:12:35
.
2008-03-14 16:20:24 --- E O F ---

Rapport pour hijack this ( celui si a ete fait juste avant que je fix:
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72 ) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:54, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\CameraFixer.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\Msconfig.exe" /auto
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [InternetVelocity] C:\PROGRA~1\INTERN~2\INTERN~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
0
Réponse 7 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
re,

repost un nouveau hijack this stp

@+
0
Réponse 8 / 13
romaingicien Messages postés 7 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:54, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\CameraFixer.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\Msconfig.exe" /auto
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [InternetVelocity] C:\PROGRA~1\INTERN~2\INTERN~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
0
Réponse 9 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
re,

oui post le rapport de malwarebytes stp

@+
0
Réponse 10 / 13
romaingicien Messages postés 7 Statut Membre
 
Malwarebytes' Anti-Malware 1.09
Version de la base de données: 526

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 111301
Temps écoulé: 1 hour(s), 33 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 11 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
re,

instale ce par feu : zone alarm :

https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html

https://www.zonealarm.com/software/free-firewall

https://www.malekal.com/tutoriel-zonealarm-firewall/

puis

refais ceci :

appuie sur la touche vista et sur r simulatanement dans la boite de dialogue tape > cmd et valide

dans la fenetre noir tape ceci : ipconfig /flushdns et valide par entree

a l´aide de hijack this coche et fix les lignes suivantes :

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.197 85.255.112.72

et

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

@+
0
Réponse 12 / 13
romaingicien Messages postés 7 Statut Membre
 
Re bonjour, le problème ayant empiré je ne pouvais plus me connecter a internet :s
Au lieu de sa, j'ai creer un nouveau compte utilisateur, et supprié l'ancien qui etait infecter !
Et merci encore pour ton aide g!rly !!!
++
0
Réponse 13 / 13
g!rly Messages postés 18462 Statut Contributeur 406
 
romaingicien,

et bien...

peux tu reposter un nouveau rapport hijack this stp

@+
0