Spyware destroytracks insupprimable... help

nathrv -  
 nathrv -
Bonjour,

J'ai chopé un spyware depuis 1 semaine et impossible de m'en débarasser (le spyware consiste à me rediriger inlassablement sur des sites destroytacks.com et alphawipe.com via la barre d'outil google search dans ie7). Avast, AVG Anti-spyware et Rogue Remover ne m'ont pas réussi à l'éradiquer complètement.

Voici le rapport de HiJackThis, merci pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:02, on 17/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NVideoSupport Class - {15C3F151-CC22-4146-8F73-05D0CD987982} - C:\Windows\system32nvideo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Quick Access Toolbar - {1813785D-9CFB-45A0-9CBC-3E84F7A8471F} - C:\Windows\system32GSearchTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [alert.exe] C:\windows\system32\alert.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: China Adoption Progress Report.lnk = C:\Program Files\China Adoption Progress Report\capr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223760205553&h=390fec9fc86bae4b3868fb4c5577e5a1/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 8690 bytes
Configuration: Windows Vista
Internet Explorer 7.0

4 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt analyse ces deux fichiers sur virus total et colle les rapports: https://www.virustotal.com/gui/

    C:\Windows\system32nvideo.dll
    C:\windows\system32\alert.exe

    ________________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.
    0
    1. nathrv
       
      Merci jlpjlp pour ton aide

      Voici les rapports demandés :

      =============================================================
      =============================================================
      ANALYSE VIRUS TOTAL DU FICHIER C:\Windows\system32nvideo.dll

      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.11.18.2 2008.11.18 -
      AntiVir 7.9.0.31 2008.11.18 ADSPY/Bho.ade
      Authentium 5.1.0.4 2008.11.18 -
      Avast 4.8.1281.0 2008.11.17 -
      AVG 8.0.0.199 2008.11.17 -
      BitDefender 7.2 2008.11.18 -
      CAT-QuickHeal 10.00 2008.11.18 -
      ClamAV 0.94.1 2008.11.18 -
      DrWeb 4.44.0.09170 2008.11.18 -
      eSafe 7.0.17.0 2008.11.17 -
      eTrust-Vet 31.6.6210 2008.11.14 -
      Ewido 4.0 2008.11.18 -
      F-Prot 4.4.4.56 2008.11.17 -
      F-Secure 8.0.14332.0 2008.11.18 -
      Fortinet 3.117.0.0 2008.11.18 -
      GData 19 2008.11.18 -
      Ikarus T3.1.1.45.0 2008.11.18 -
      K7AntiVirus 7.10.526 2008.11.15 -
      Kaspersky 7.0.0.125 2008.11.18 -
      McAfee 5437 2008.11.17 -
      Microsoft 1.4104 2008.11.17 -
      NOD32 3621 2008.11.18 -
      Norman 5.80.02 2008.11.17 -
      Panda 9.0.0.4 2008.11.17 -
      PCTools 4.4.2.0 2008.11.17 -
      Prevx1 V2 2008.11.18 -
      Rising 21.04.12.00 2008.11.18 -
      SecureWeb-Gateway 6.7.6 2008.11.18 Ad-Spyware.Bho.ade
      Sophos 4.35.0 2008.11.18 -
      Sunbelt 3.1.1801.2 2008.11.14 -
      Symantec 10 2008.11.18 -
      TheHacker 6.3.1.1.157 2008.11.18 -
      TrendMicro 8.700.0.1004 2008.11.18 TROJ_ROBOTASK.A
      VBA32 3.12.8.9 2008.11.17 -
      ViRobot 2008.11.18.1474 2008.11.18 -
      VirusBuster 4.5.11.0 2008.11.17 -
      Information additionnelle
      File size: 196608 bytes
      MD5...: 9607e1f3acca571195c60f697268c401
      SHA1..: f39ece3262ebea7a82c0dd818d5896594d628337
      SHA256: bf056e68eb54d00fd697188ba908f2295ac7e388144d32d717b5fa61cfcee4e3
      SHA512: ec724fa9110e9a52b835fcdf19ae59dee0b4c45f5f7cad104a162c5ffecdca74
      0a26e230bd42fb8bd980b9282a36ac3157b6c9216b82abe71b3c935c5e0ca76d
      PEiD..: -
      TrID..: File type identification
      DirectShow filter (52.6%)
      Windows OCX File (32.2%)
      Win32 Executable MS Visual C++ (generic) (9.8%)
      Win32 Executable Generic (2.2%)
      Win32 Dynamic Link Library (generic) (1.9%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x10014c92
      timedatestamp.....: 0x4875c4c1 (Thu Jul 10 08:13:53 2008)
      machinetype.......: 0x14c (I386)

      ( 5 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x21e56 0x22000 6.65 bbbd7b59e9391477daa0dc3ddb05f0a6
      .rdata 0x23000 0x76f3 0x7800 5.14 75ba034999da2a05bd5df0cd1111ad89
      .data 0x2b000 0x3bbc 0x1e00 4.10 803852160154c27778aa2e6d762e2a1d
      .rsrc 0x2f000 0x10e0 0x1200 4.77 366fa186433c3675aa409c537b83fe64
      .reloc 0x31000 0x3230 0x3400 4.94 3e14cb08e91c4fdf205110fd8816d465

      ( 8 imports )
      > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
      > WS2_32.dll: WSASend, WSAGetOverlappedResult, WSARecv, WSACreateEvent, WSASetEvent, WSAEventSelect, WSACloseEvent, WSASocketA, WSAEnumNetworkEvents, WSAConnect, WSAResetEvent
      > KERNEL32.dll: GetConsoleCP, SetFilePointer, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, FindResourceA, SizeofResource, LockResource, LoadResource, FindResourceExA, WideCharToMultiByte, InitializeCriticalSection, HeapAlloc, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLastError, GetSystemDirectoryA, lstrlenA, HeapFree, LoadLibraryA, GetProcAddress, FreeLibrary, WaitForSingleObject, GetProcessHeap, MultiByteToWideChar, HeapReAlloc, InterlockedDecrement, lstrcmpiA, GetConsoleMode, GetThreadLocale, SetThreadLocale, LoadLibraryExA, GetModuleHandleA, RaiseException, GetModuleFileNameA, lstrlenW, InterlockedIncrement, CloseHandle, CreateFileA, GetWindowsDirectoryA, lstrcmpA, GetFileSize, lstrcpynA, lstrcatA, CreateFileMappingA, MapViewOfFileEx, UnmapViewOfFile, InterlockedExchange, SetLastError, VirtualProtect, FlushInstructionCache, GetCurrentProcess, VirtualQuery, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, LCMapStringW, LCMapStringA, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, IsDBCSLeadByte, Sleep, GetStringTypeW, GetStringTypeA, GetStdHandle, WriteFile, ExitProcess, HeapCreate, VirtualFree, IsValidCodePage, GetOEMCP, GetCPInfo, RtlUnwind, GetCommandLineA, GetCurrentThreadId, GetSystemInfo, VirtualAlloc, HeapSize, HeapDestroy, GetVersionExA, GetLocaleInfoA, GetACP
      > USER32.dll: UnregisterClassA, SendMessageA, LockWindowUpdate, GetClassNameA, GetWindow, EnumChildWindows, CharNextA
      > ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegEnumKeyExA, RegOpenKeyExA, RegQueryInfoKeyA, RegCloseKey, RegDeleteKeyA, RegDeleteValueA
      > ole32.dll: CoUninitialize, CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, StringFromGUID2, CoInitialize
      > OLEAUT32.dll: -, -, -, -, -, -, -, -, -
      > SHLWAPI.dll: UrlUnescapeA, StrRStrIA

      ( 4 exports )
      DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

      =============================================================
      =============================================================
      ANALYSE VIRUS TOTAL DU FICHIER C:\windows\system32\alert.exe

      ce fichier n'existe pas sur mon PC

      =============================================================
      =============================================================
      RAPPORT smitfraudfix



      SmitFraudFix v2.375

      Rapport fait à 20:13:35,36, 18/11/2008
      Executé à partir de
      C:\Users\Nathalie & Herv‚\Desktop\SmitfraudFix
      OS: Microsoft Windows [version 6.0.6001] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\cmd.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles




      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\NATHAL~1\AppData\Local\Temp




      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\NATHAL~1\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""
      "LoadAppInit_DLLs"=dword:00000000


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\Windows\\system32\\userinit.exe,"


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Carte réseau Broadcom 802.11 multibande
      DNS Server Search Order: 212.27.40.241
      DNS Server Search Order: 212.27.40.240

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA9A7734-E393-46F3-8DA4-BDECDEE3F463}: DhcpNameServer=212.27.40.241 212.27.40.240
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA9A7734-E393-46F3-8DA4-BDECDEE3F463}: DhcpNameServer=212.27.40.241 212.27.40.240
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA9A7734-E393-46F3-8DA4-BDECDEE3F463}: DhcpNameServer=212.27.40.241 212.27.40.240
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.

    :files
    C:\Windows\system32nvideo.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ____________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. nathrv
       
      rapport OTMoveIt pour le fichier C:\Windows\system32nvideo.dll

      Error: Unable to interpret <C:\Windows\system32nvideo.dll > in the current context!
      OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11182008_232158


      rapport OTMoveIt pour le fichier C:\Windows\system32\nvideo.dll

      Error: Unable to interpret < C:\Windows\system32\nvideo.dll > in the current context!
      OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11182008_232237


      ======================================================================
      ======================================================================


      rapport combofix :

      ComboFix 08-11-18.02 - Nathalie & Hervé 2008-11-18 22:56:59.1 - NTFSx86
      Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.300 [GMT 1:00]
      Lancé depuis: c:\users\Nathalie & Hervé\Desktop\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\Update.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
      .

      2008-11-18 22:48 . 2008-11-18 22:48 <REP> d-------- C:\_OTMoveIt
      2008-11-17 20:56 . 2008-11-17 20:57 <REP> d-------- c:\program files\RogueRemover FREE
      2008-11-17 20:49 . 2008-11-18 20:13 3,616 --a------ c:\windows\System32\tmp.reg
      2008-11-15 15:04 . 2008-11-15 15:04 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\Grisoft
      2008-11-15 15:04 . 2008-11-15 15:04 <REP> d-------- c:\users\All Users\Grisoft
      2008-11-15 15:04 . 2008-11-15 15:04 <REP> d-------- c:\programdata\Grisoft
      2008-11-15 15:04 . 2007-05-30 13:10 10,872 --a------ c:\windows\System32\drivers\AvgAsCln.sys
      2008-11-15 14:51 . 2008-11-15 14:51 <REP> d-------- c:\program files\Trend Micro
      2008-11-12 18:56 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
      2008-11-12 18:53 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
      2008-11-12 18:47 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
      2008-11-11 21:08 . 2008-11-11 21:11 196,608 --a------ c:\windows\system32nvideo.dll
      2008-11-11 21:08 . 2008-11-11 21:11 167,936 --a------ c:\windows\system32GSearchTB.dll
      2008-11-11 21:08 . 2008-11-11 21:08 57,344 --a------ c:\windows\System32\MalwareKiller.exe
      2008-10-28 23:37 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
      2008-10-28 23:37 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
      2008-10-28 23:37 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
      2008-10-27 21:00 . 2008-10-27 21:00 <REP> d-------- c:\users\All Users\WindowsSearch
      2008-10-27 21:00 . 2008-10-27 21:00 <REP> d-------- c:\programdata\WindowsSearch
      2008-10-26 12:54 . 2008-11-03 22:53 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\FileZilla
      2008-10-26 12:54 . 2008-10-26 12:54 <REP> d-------- c:\program files\FileZilla FTP Client
      2008-10-26 12:45 . 2008-10-26 12:54 <REP> d-------- c:\program files\LeechFTP
      2008-10-26 12:45 . 1998-07-08 17:30 18,944 --a------ c:\windows\eraser.exe
      2008-10-22 21:31 . 2008-10-22 21:31 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\LinkedIn
      2008-10-19 17:26 . 2008-10-19 17:26 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\Blackberry Desktop
      2008-10-19 10:52 . 2008-10-19 10:52 <REP> d-------- c:\users\Nathalie & Hervé\AppData\Roaming\Research In Motion
      2008-10-19 10:03 . 2008-10-19 10:03 <REP> d-------- c:\program files\Common Files\PX Storage Engine
      2008-10-19 10:02 . 2008-10-19 10:03 <REP> d-------- c:\program files\Roxio
      2008-10-19 10:02 . 2008-10-19 10:02 <REP> d-------- c:\program files\Common Files\Sonic Shared
      2008-10-19 09:51 . 2008-10-19 09:51 <REP> d-------- c:\program files\Research In Motion
      2008-10-19 09:51 . 2008-10-28 22:37 <REP> d-------- c:\program files\Common Files\Research In Motion
      2008-10-18 14:01 . 2008-10-18 14:01 <REP> d-------- c:\users\All Users\Messenger Plus!
      2008-10-18 14:01 . 2008-10-18 14:01 <REP> d-------- c:\programdata\Messenger Plus!

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-11-18 22:02 2,359,296 --sha-w c:\users\Nathalie & Hervé\NTUSER.DAT
      2008-11-18 22:02 2,359,296 --sha-w c:\users\Nathalie & Hervé\NTUSER.DAT
      2008-11-15 14:04 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Grisoft
      2008-11-12 23:12 --------- d-----w c:\programdata\Microsoft Help
      2008-11-11 20:41 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\NewsBin
      2008-11-11 20:11 --------- d-----w c:\program files\NewsBin
      2008-11-11 20:08 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\LimeWire
      2008-11-11 20:08 --------- d-----w c:\program files\LimeWire
      2008-11-03 21:53 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\FileZilla
      2008-10-22 20:31 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\LinkedIn
      2008-10-19 16:26 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Blackberry Desktop
      2008-10-19 09:52 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Research In Motion
      2008-10-19 09:48 --------- d-----w c:\programdata\Logishrd
      2008-10-19 09:03 --------- d-----w c:\program files\Common Files\Roxio Shared
      2008-10-19 09:02 --------- d-----w c:\programdata\Roxio
      2008-10-19 07:31 --------- d-----w c:\program files\Rar Repair Tool
      2008-10-17 20:41 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Leadertech
      2008-10-17 20:41 --------- d-----w c:\program files\Common Files\Logishrd
      2008-10-17 20:40 --------- d-----w c:\program files\Logitech
      2008-10-17 20:40 --------- d-----w c:\program files\Common Files\Logitech
      2008-10-17 20:20 --------- d-----w c:\program files\Messenger Plus! Live
      2008-10-17 04:47 --------- d-----w c:\program files\Windows Mail
      2008-10-11 21:28 --------- d-----w c:\program files\Java
      2008-10-11 21:24 --------- d-----w c:\program files\Common Files\Java
      2008-10-06 19:15 --------- d-----w c:\program files\XPC Tools
      2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
      2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
      2008-09-28 19:34 --------- d-s---w c:\users\Nathalie & Hervé\AppData\Roaming\Microsoft
      2008-09-28 18:09 --------- d-----w c:\users\Nathalie & Hervé\AppData\Roaming\Roxio
      2008-09-28 18:01 --------- d-----w c:\programdata\InstallShield
      2008-09-28 18:00 --------- d-----w c:\programdata\Sonic
      2008-09-28 17:57 --------- d-----w c:\program files\Common Files\InstallShield
      2008-09-27 18:35 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
      2008-09-22 21:19 --------- d-----w c:\programdata\Office Genuine Advantage
      2008-09-22 18:01 --------- d-----w c:\program files\MSXML 4.0
      2008-09-22 18:01 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
      2008-09-21 21:24 --------- d--h--w c:\program files\CanonBJ
      2008-09-21 18:27 --------- d-----w c:\program files\Canon
      2008-09-21 17:55 --------- d-----w c:\programdata\Logitech
      2008-09-21 08:57 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2008-09-20 18:19 --------- d-----w c:\program files\QuickPar
      2008-09-20 10:48 --------- d-----w c:\program files\China Adoption Progress Report
      2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
      2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
      2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
      2008-09-14 17:19 174 --sha-w c:\program files\desktop.ini
      2008-09-14 16:50 82,432 ----a-w c:\windows\System32\axaltocm.dll
      2008-09-14 16:50 101,888 ----a-w c:\windows\System32\ifxcardm.dll
      2008-09-14 08:39 269,312 ----a-w c:\windows\System32\es.dll
      2008-09-13 19:39 61,440 ----a-w c:\windows\System32\winipsec.dll
      2008-09-13 19:39 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
      2008-09-13 19:39 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
      2008-09-13 19:39 272,896 ----a-w c:\windows\System32\polstore.dll
      2008-09-13 19:37 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
      2008-09-13 19:37 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
      2008-09-13 19:37 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
      2008-09-13 19:37 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
      2008-09-13 19:37 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
      2008-09-13 19:37 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
      2008-09-13 19:37 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
      2008-09-13 19:37 1,695,744 ----a-w c:\windows\System32\gameux.dll
      2008-09-13 19:27 2,048 ----a-w c:\windows\System32\tzres.dll
      2008-09-13 19:25 303,616 ----a-w c:\windows\System32\wmpeffects.dll
      2008-09-13 19:13 181,760 ----a-w c:\windows\System32\fsquirt.exe
      2008-09-13 19:11 988,216 ----a-w c:\windows\System32\winload.exe
      2008-09-13 19:11 927,288 ----a-w c:\windows\System32\winresume.exe
      2008-09-13 19:11 615,992 ----a-w c:\windows\System32\ci.dll
      2008-09-13 19:11 6,656 ----a-w c:\windows\System32\kbd106n.dll
      2008-09-13 19:11 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
      2008-09-13 19:11 40,960 ----a-w c:\windows\System32\srclient.dll
      2008-09-13 19:11 378,368 ----a-w c:\windows\System32\srcore.dll
      2008-09-13 19:11 318,464 ----a-w c:\windows\System32\rstrui.exe
      2008-09-13 19:11 19,000 ----a-w c:\windows\System32\kd1394.dll
      2008-09-13 19:11 14,848 ----a-w c:\windows\System32\srdelayed.exe
      2008-09-13 19:09 295,936 ----a-w c:\windows\System32\gdi32.dll
      2008-09-13 19:06 14,848 ----a-w c:\windows\System32\wshrm.dll
      2008-09-13 19:04 84,480 ----a-w c:\windows\System32\INETRES.dll
      2008-09-13 19:04 738,304 ----a-w c:\windows\System32\inetcomm.dll
      2008-09-13 19:04 1,314,816 ----a-w c:\windows\System32\quartz.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-28 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-28 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-28 133656]
      "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
      "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
      "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
      "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

      c:\users\Nathalie & Herv‚\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      China Adoption Progress Report.lnk - c:\program files\China Adoption Progress Report\capr.exe [2008-02-04 217088]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "TCP Query User{D4BF2266-06C2-4D99-BF82-B7552736AA59}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
      "UDP Query User{AA65123A-D407-4224-B4E4-637ED25D8D3A}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
      "{487850AA-F4C0-4CCD-890C-D0E72AA56787}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
      "{FAFC9690-A199-4165-8B60-4B608CBC9018}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{B9027560-DFB4-4893-B517-973CB619E485}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "TCP Query User{2BDC21AA-ED91-4E98-93B6-C4A21C7B4145}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
      "UDP Query User{49CEBB07-A77F-436C-8901-0E50478B931E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
      "TCP Query User{DB0731DD-E1F2-45C6-8557-A49190A864D1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
      "UDP Query User{15A4C545-AA3C-40A8-8476-DFE21841C2B1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
      "TCP Query User{F0D0F157-9303-4E09-BB17-ECB5D2AB1565}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{C272708A-60F4-4DF4-BC4B-0F282F4F4FBE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
      "{77AE6809-69AC-4AC3-B6D0-D3C5823A8749}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
      "{ACECD69F-74FB-4C9B-BC8F-96C3072A6D71}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
      "TCP Query User{F40BFF19-6A39-425E-9FCA-4E4CD5F85ABE}c:\\program files\\leechftp\\leechftp.exe"= UDP:c:\program files\leechftp\leechftp.exe:LeechFTP
      "UDP Query User{C16AC4EC-E154-4B97-BE49-1C2E3E8AE4D7}c:\\program files\\leechftp\\leechftp.exe"= TCP:c:\program files\leechftp\leechftp.exe:LeechFTP

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-14 78416]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-14 20560]
      R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-09-14 51280]
      R3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-14 179712]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      bthsvcs REG_MULTI_SZ BthServ

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{681cbe0a-8265-11dd-a85c-001641b1e969}]
      \shell\AutoRun\command - E:\SETUP.EXE
      \shell\configure\command - E:\SETUP.EXE
      \shell\install\command - E:\SETUP.EXE

      *Newly Created Service* - PROCEXP90
      .
      Contenu du dossier 'Tâches planifiées'

      2008-11-18 c:\windows\Tasks\User_Feed_Synchronization-{B53B6D6B-6856-4748-B963-EA76D0199114}.job
      - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe



      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-11-18 23:02:01
      Windows 6.0.6001 Service Pack 1 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      Heure de fin: 2008-11-18 23:04:09
      ComboFix-quarantined-files.txt 2008-11-18 22:04:02

      Avant-CF: 26 920 796 160 octets libres
      Après-CF: 27,472,179,200 octets libres

      202 --- E O F --- 2008-11-16 02:01:50
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    c'est quoi ton lecteur e ? . Refais otmovit en mettant bien :files devant le fichier . Remets ensuite un rapport hijackthis et dis tes soucis actuels
    0
  4. nathrv
     
    Merci jlpjlp pour ton aide
    mon problème est résolu : le spyware a été éradiquer... ;-)
    0