
Virus that changes the desktop wallpaper

Security - Virus forum (Tom's Guide): Virus that changes the desktop wallpaper

 

Hello everyone.
First of all, thank you for the time you devote to noobs like me.
On top of the win32 that I can't get rid of on my 2 PCs, now my main PC is affected too.
Let me explain.
My wallpaper changed and was replaced by: Warning spyware detected on your computer. A red and white background. Then below it says: warning win32/adware.virtumonde detected on your computer

The Desktop icon has disappeared when I right-click. Following the forum's instructions, I managed to restore the desktop and change the wallpaper. But every time I reboot, the screen changes again. The wallpaper's name is:

1hc5a9j0e91e

I can't find it on the PC.

After one to two hours, the PC displays a blue screen and I can no longer use it.
What should I do?

I should say that I'm bad with computers, but I'll make an effort. I'd add that I'm not the type to ask without giving something back, and if one day I can return the favour, whatever the field, I'll do so gladly.
If someone manages to cure my ailing PCs, I promise to send them apricot nonnettes ^^


Hello,

Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2

------------------------------ Prevention & Protection || Like me? Click :o
Reply to Angeldark

My main PC won't boot any more :(
In the meantime, I suggest you help me with my secondary PC; here is its log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:48, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qpd259z] C:\WINDOWS\system32\qpd259z.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6378 bytes

Reply to Gruic
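The HijackThis log above is read by hand by the helper. The following is an added example (not code from the thread or from Trend Micro) that runs the same kind of triage over lines in the HijackThis 2.0.2 format: it flags BHOs registered with no name (O2), Run entries whose names look random (O4) and non-default Winlogon Notify DLLs (O20), and notes a missing default URLSearchHook (R3). The sample lines are a subset of the log above; the random-name rule and the allowlist of stock Winlogon Notify subkeys are assumptions of the example, not HijackThis behaviour.

```python
"""Triage lines in the HijackThis 2.0.2 log format.  Added example, not
code from the thread or from Trend Micro; the random-name rule and the
Winlogon Notify allowlist below are assumptions of this example."""
import re

# Names such as "qpd259z": 5-16 lowercase letters and digits, mixed, with no
# dot, space or vendor word.  A heuristic, not a HijackThis feature.
RANDOM_NAME = re.compile(r"[a-z0-9]{5,16}")

# Winlogon Notify subkeys present on a stock XP install (assumed allowlist).
# Any other entry loads a DLL into winlogon.exe at every logon.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<file>.*)$")


def looks_random(name):
    """True for names mixing letters and digits with nothing else."""
    return (RANDOM_NAME.fullmatch(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(log_text):
    """Return (severity, reason, line) for each line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("R3 - Default URLSearchHook is missing"):
            findings.append(("info", "default URLSearchHook absent", line))
            continue
        m = O2_RE.match(line)
        if m:
            if m["name"] == "(no name)" and m["file"] == "(no file)":
                findings.append(("low", "orphaned BHO registration (no DLL on disk)", line))
            elif m["name"] == "(no name)":
                findings.append(("high", "unnamed BHO loading a DLL into Internet Explorer", line))
            continue
        m = O4_RE.match(line)
        if m and looks_random(m["name"]):
            findings.append(("high", "Run entry with a random-looking name", line))
            continue
        m = O20_RE.match(line)
        if m and m["name"].lower() not in KNOWN_NOTIFY:
            findings.append(("high", "non-default Winlogon Notify DLL", line))
    return findings


# Sample lines copied from the log above (a subset), plus two clean lines.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qpd259z] C:\WINDOWS\system32\qpd259z.exe
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved log. Every hit is a lead for review, not a verdict: a legitimate component can register an unnamed BHO, and the random-name rule is only a heuristic, which is why a scanner log is still needed before anything is removed.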

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot in Safe Mode.
HELP: Rebooting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A log will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the log to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM

Reply to Angeldark

Well, I think I messed up. It asked me to reboot at the end of the scan, so that's what I did, but after the reboot I no longer had a log. I wanted to run another scan but couldn't. So, by looking in the software under the reports/logs section, I still found this:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1163
Windows 5.1.2600 Service Pack 2

17/09/2008 16:15:46
mbam-log-2008-09-17 (16-15-46).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 78535
Temps écoulé: 51 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{221251be-fb26-44ca-98af-699d55ecafe2} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{221251be-fb26-44ca-98af-699d55ecafe2} (Trojan.BHO.H) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\comsnapv.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\AppCert\hb13a.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\hb13c.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> Quarantined and deleted successfully.

Otherwise, my main PC boots again, but I suggest we finish dealing with this PC before doing the other one, now that we've started.

Reply to Gruic

Post another HijackThis log.

Reply to Angeldark

Good evening!

I posted a message yesterday on this forum, in a more or less identical topic, describing exactly the same "symptoms" as "Gruic". I installed and ran "MalwareByte's Anti-Malware" in Safe Mode, with a full scan. It turned out that I couldn't finish that scan: the screen turns blue after 5 min. That blue screen is only a wallpaper; a simple "ctrl+alt+del" is enough to get back to the desktop, or some mouse activity to prevent it from appearing. I then rebooted my PC in normal mode: the bug was still there. I updated the "anti-malware" database, ran a "quick" scan without much conviction, and it reported 26 assorted infections. After the reboot, no more alarming wallpaper, and no more message offering to install the famous antivirus. What's more, my IE no longer redirects me to advertising sites.

Here is my "MalwareByte's Anti-Malware" log from before the final reboot (the beast must be hiding in there):



Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1164
Windows 5.1.2600 Service Pack 2

17/09/2008 18:37:55
mbam-log-2008-09-17 (18-37-55).txt

Type de recherche: Examen rapide
Eléments examinés: 84287
Temps écoulé: 17 minute(s), 33 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphc3e2j0erba.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphc3e2j0erba.scr (Fake.BlueScreenError) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3e2j0erba (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7e2j0erba (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\blphc3e2j0erba.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lphc3e2j0erba.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3e2j0erba.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w32usb2.exe (Worm.Rbot) -> Quarantined and deleted successfully.


Hoping this can help you,

Thanks to the "helpers" and their great advice.

Valou

Reply to Valou1310
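Valou's log shows what the "blue screen" actually was: a screensaver (blphc3e2j0erba.scr, flagged Fake.BlueScreenError) set in HKCU\Control Panel\Desktop\SCRNSAVE.EXE, a wallpaper bitmap dropped into system32, and the NoDispBackgroundPage / NoDispScrSavPage policies set to 1 so the Display Properties tabs could not be used to undo it. The following is an added example (not code from the thread or from Malwarebytes) that checks a snapshot of those values for the same indicators. The two snapshot dictionaries are constructed from the file names in the log above, the list of stock XP screensaver names is an assumption of the example, and read_live_values() only does anything on Windows.

```python
"""Check the HKCU desktop/screensaver values that the MBAM log above shows
being hijacked (Hijack.Wallpaper / Hijack.DisplayProperties).  Added example,
not code from the thread or from Malwarebytes; the stock-screensaver
allowlist is an assumption of this example."""
import re
import sys

# Screensaver file names shipped with Windows XP (assumed allowlist).
STOCK_SCREENSAVERS = {
    "logon.scr", "scrnsave.scr", "ss3dfo.scr", "ssbezier.scr", "ssflwbox.scr",
    "ssmarque.scr", "ssmyst.scr", "ssmypics.scr", "sspipes.scr", "ssstars.scr",
    "sstext3d.scr",
}


def basename(path):
    """Last component of a Windows path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def in_system32(path):
    return "\\system32\\" in path.lower()


def assess_desktop(values):
    """values: dict of the HKCU value names seen in the MBAM log (names are
    matched case-insensitively; missing values count as unset).
    Returns a list of (indicator, detail) tuples; empty means nothing found."""
    v = {k.lower(): val for k, val in values.items()}
    findings = []
    for name in ("wallpaper", "originalwallpaper", "convertedwallpaper"):
        path = v.get(name) or ""
        # A user-chosen wallpaper normally lives under the profile or
        # %SystemRoot%\Web\Wallpaper, not as a .bmp dropped into system32.
        if in_system32(path) and basename(path).endswith(".bmp"):
            findings.append((f"{name} points into system32", path))
    scr = v.get("scrnsave.exe") or ""
    if scr and basename(scr).endswith(".scr") and basename(scr) not in STOCK_SCREENSAVERS:
        findings.append(("non-stock screensaver set", scr))
    for pol in ("nodispbackgroundpage", "nodispscrsavpage"):
        # 1 hides the Background / Screen Saver tab of Display Properties.
        if v.get(pol) == 1:
            findings.append((f"{pol} = 1 hides a Display Properties tab", pol))
    return findings


# Constructed snapshot mirroring the file names in the log above.
HIJACKED_VALUES = {
    "Wallpaper": r"C:\WINDOWS\system32\phc3e2j0erba.bmp",
    "OriginalWallpaper": r"C:\WINDOWS\system32\phc3e2j0erba.bmp",
    "ConvertedWallpaper": r"C:\WINDOWS\system32\phc3e2j0erba.bmp",
    "SCRNSAVE.EXE": r"C:\WINDOWS\system32\blphc3e2j0erba.scr",
    "NoDispBackgroundPage": 1,
    "NoDispScrSavPage": 1,
}

# Constructed snapshot of an untouched XP profile.
CLEAN_VALUES = {
    "Wallpaper": r"C:\WINDOWS\Web\Wallpaper\Bliss.bmp",
    "SCRNSAVE.EXE": r"C:\WINDOWS\system32\ssmyst.scr",
    "NoDispBackgroundPage": 0,
}


def read_live_values():
    """Read the same values from the live registry; returns None off Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Control Panel\Desktop") as k:
        for name in ("Wallpaper", "OriginalWallpaper", "ConvertedWallpaper", "SCRNSAVE.EXE"):
            try:
                out[name] = winreg.QueryValueEx(k, name)[0]
            except FileNotFoundError:
                pass
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                            r"Software\Microsoft\Windows\CurrentVersion\Policies\System") as k:
            for name in ("NoDispBackgroundPage", "NoDispScrSavPage"):
                try:
                    out[name] = winreg.QueryValueEx(k, name)[0]
                except FileNotFoundError:
                    pass
    except FileNotFoundError:
        pass  # no policy key at all is the normal state
    return out


if __name__ == "__main__":
    for indicator, detail in assess_desktop(read_live_values() or HIJACKED_VALUES):
        print(f"{indicator}: {detail}")
```

On a Windows machine the script reads the live values; elsewhere it falls back to the constructed hijacked snapshot so the output can be compared with the log. The check only reports; restoring the wallpaper and clearing the policy values is what the scanner did in Valou's case.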

Here it is :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:29, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qpd259z] C:\WINDOWS\system32\qpd259z.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6332 bytes

Reply to Gruic

Valou1310, each to their own thread.
---
Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a log will appear. Post that log (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition letter may differ

Reply to Angeldark

here it is :)

ComboFix 08-09-16.05 - Administrateur 2008-09-17 20:12:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.113 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@ads.pointroll[1].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@edt02[1].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@revsci[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@tracker.affistats[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@trafiz[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.mp3search[1].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.pixmania[1].txt
C:\Documents and Settings\Administrateur\Favoris\.url
C:\install\install.exe
C:\WINDOWS\system32\appcert
C:\WINDOWS\system32\rtl60.bpl
E:\autorun.inf
C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-17 au 2008-09-17 ))))))))))))))))))))))))))))))))))))
.

2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
"Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
"VIDC.VP40"= vp4vfw.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetP4\\NetP4.exe"=

R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
R2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssvcpifn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ID - (no file)
Toolbar-SITEguard - (no file)
HKCU-Run-qpd259z - C:\WINDOWS\system32\qpd259z.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 20:21:37
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
.
**************************************************************************
.
Heure de fin: 2008-09-17 20:27:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-17 18:27:31

Avant-CF: 2,743,484,416 octets libres
Après-CF: 2,950,610,944 octets libres

164

Reply to Gruic

Re,

Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\comsnapv.dll
C:\WINDOWS\system32\dbmsrpcng.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

here it is :)

ComboFix 08-09-16.05 - Administrateur 2008-09-18 20:48:52.2 - NTFSx86
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-18 au 2008-09-18 ))))))))))))))))))))))))))))))))))))
.

2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-17_20.26.22.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-30 10:08:34 40,128 -c--a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 18:44:15 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 10:08:34 48,856 -c--a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-18 18:44:15 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-30 10:08:34 311,740 -c--a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 18:44:15 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 10:08:34 368,076 -c--a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-18 18:44:15 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2001-08-24 14:00:00 45,824 ----a-w C:\WINDOWS\system32\rqlnzdvu.dat
+ 2001-08-24 14:00:00 50,432 ----a-w C:\WINDOWS\system32\rqlnzdvu.dat
+ 2008-09-18 18:55:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
"Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
"VIDC.VP40"= vp4vfw.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetP4\\NetP4.exe"=

R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
R2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssvcpifn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 20:58:54
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@?S?????????????????B?????,????????????????????P????????B

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
.
**************************************************************************
.
Heure de fin: 2008-09-18 21:04:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-18 19:03:51
ComboFix2.txt 2008-09-17 18:27:47

Avant-CF: 2,203,172,864 octets libres
Après-CF: 2,201,645,056 octets libres

160

and also:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6557 bytes

Reply to Gruic

Re,

Use this script:

Rootkit::
C:\WINDOWS\system32\comsnapv.dll
C:\WINDOWS\system32\dbmsrpcng.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark
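The script above is built from what the preceding HijackThis report shows: two unnamed BHOs (O2 "(no name)") backed by DLLs in system32, comsnapv.dll and dbmsrpcng.dll, and a Winlogon Notify handler (O20, subkey ncczpxva) that loads the second of them. The Python below is an added example, not part of this thread and not code from HijackThis or ComboFix: it parses a constructed handful of O2/O20 lines modelled on the report, applies that selection rule, and drafts the matching File:: and Registry:: sections in the CFScript layout used in the thread. The regular expressions, the function names and the heuristic itself are my own assumptions; the CLSIDs, DLL names and subkey are the ones visible in the report.

```python
import re

# Constructed sample: a handful of HijackThis O2/O20/O23 lines modelled on the
# report posted above (CLSIDs, DLL names and the Winlogon subkey are the ones
# visible in the thread; the choice of lines is mine).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Line layouts for browser helper objects (O2) and Winlogon notification
# packages (O20); both patterns are assumptions derived from the report lines.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<path>.+)$")

# Registry:: lines in the CFScript layout used in the thread ([-key] = delete).
BHO_KEY = r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{clsid}]"
NOTIFY_KEY = r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{subkey}]"


def parse_hjt(text):
    """Split a HijackThis report into its O2 (BHO) and O20 (Winlogon Notify) entries."""
    bhos, notifies = [], []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def suspicious_entries(text):
    """Return (files, registry_keys) that deserve a closer look.

    Heuristic (my own, not HijackThis logic): flag a BHO when it has no name
    and its DLL lives in system32, or when the same DLL is also registered as
    a Winlogon Notify package; then flag every Notify subkey that loads a
    flagged DLL. '(no file)' BHOs are orphan keys with nothing to delete on disk.
    """
    bhos, notifies = parse_hjt(text)
    notify_dlls = {n["path"].lower() for n in notifies}
    files, keys = [], []
    for b in bhos:
        path = b["path"]
        if path == "(no file)":
            continue
        unnamed_in_system32 = b["name"] == "(no name)" and "\\system32\\" in path.lower()
        if unnamed_in_system32 or path.lower() in notify_dlls:
            files.append(path)
            keys.append(BHO_KEY.format(clsid=b["clsid"]))
    flagged = {f.lower() for f in files}
    for n in notifies:
        if n["path"].lower() in flagged:
            keys.append(NOTIFY_KEY.format(subkey=n["subkey"]))
    return files, keys


def build_cfscript(files, keys):
    """Render the flagged items in the File:: / Registry:: layout used above."""
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    found_files, found_keys = suspicious_entries(SAMPLE_LOG)
    print(build_cfscript(found_files, found_keys))
```

On the sample this yields the same two DLLs and three keys as the script in the thread. The output is a draft to read through by hand before it goes anywhere near ComboFix: an unnamed BHO in system32 is a strong hint, not proof, and removing a legitimate Notify package or helper object breaks logon or the browser.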

Here is the report:

ComboFix 08-09-16.05 - Administrateur 2008-09-19 18:52:31.3 - NTFSx86
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section - STAGE 8
L'opération demandée n'a pu s'accomplir sur un fichier ayant une section mappée utilisateur ouverte.


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-19 au 2008-09-19 ))))))))))))))))))))))))))))))))))))
.

2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-17_20.26.22.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-30 10:08:34 40,128 -c--a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 18:44:15 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 10:08:34 48,856 -c--a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-18 18:44:15 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-30 10:08:34 311,740 -c--a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 18:44:15 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 10:08:34 368,076 -c--a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-18 18:44:15 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-19 16:59:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
"Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
"VIDC.VP40"= vp4vfw.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetP4\\NetP4.exe"=

R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
R2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssvcpifn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 19:01:14
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
.
**************************************************************************
.
Heure de fin: 2008-09-19 19:06:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-19 17:06:29
ComboFix2.txt 2008-09-18 19:04:03
ComboFix3.txt 2008-09-17 18:27:47

Avant-CF: 2,168,643,584 octets libres
Après-CF: 2,181,722,112 octets libres

163

Reply to Gruic

Can you run the script in Safe Mode to see?

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

here it is :)

ComboFix 08-09-16.05 - Administrateur 2008-09-20 12:08:05.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.147 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt..txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-17_20.26.22.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-30 10:08:34 40,128 -c--a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 18:44:15 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 10:08:34 48,856 -c--a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-18 18:44:15 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-30 10:08:34 311,740 -c--a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 18:44:15 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 10:08:34 368,076 -c--a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-18 18:44:15 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-20 10:14:25 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
"Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
"VIDC.VP40"= vp4vfw.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetP4\\NetP4.exe"=

R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
S2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssvcpifn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:16:35
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

Recherche de fichiers cach‚s ...

Scan terminé avec succès
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 12:21:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 10:21:17
ComboFix2.txt 2008-09-19 17:06:47
ComboFix3.txt 2008-09-18 19:04:03
ComboFix4.txt 2008-09-17 18:27:47

Avant-CF: 2,192,969,728 octets libres
Après-CF: 2,164,486,144 octets libres


Reply to Gruic

Post another HijackThis report.

Reply to Angeldark

here you go :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59, on 20/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6941 bytes

Reply to Gruic
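As an added illustration (not part of the thread, and not HijackThis's own code): a small Python triage pass over a few lines copied from the HijackThis log above, which flags exactly the two DLLs and the Winlogon Notify subkey that the helper later lists for removal. The crypt32chain line and the allowlist of stock Windows XP Winlogon Notify packages are constructed/assumed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one stock Winlogon Notify entry (crypt32chain) added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\SYSTEM32\crypt32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<path>.*)$")

# Assumed allowlist: the Winlogon\Notify subkeys present on a stock Windows XP SP2
# install. Anything else registered there deserves a look.
STOCK_XP_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


def dll_name(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. 'dbmsrpcng.dll'."""
    return path.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> dict:
    """Map each suspicious DLL name to the list of reasons it was flagged.

    Two heuristics that match what the helper removed in this thread:
      * O2: a BHO with no name whose DLL lives in system32 (toolbars and the
        Adobe/Java helpers carry a name and live under Program Files);
      * O20: a Winlogon Notify subkey that is not a stock XP package.
    A DLL hit by both is reported once more as a shared persistence point.
    """
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            path = m.group("path").strip()
            if m.group("name") == "(no name)" and path != "(no file)" and in_system32(path):
                findings[dll_name(path)].append(
                    f"unnamed BHO {m.group('clsid')} loads a DLL from system32")
            continue
        m = O20_RE.match(line)
        if m and m.group("subkey").lower() not in STOCK_XP_NOTIFY:
            findings[dll_name(m.group("path"))].append(
                f"Winlogon Notify subkey '{m.group('subkey')}' is not a stock XP package")
    for dll, reasons in findings.items():
        if len(reasons) > 1:
            reasons.append("same DLL registered under two autostart mechanisms")
    return dict(findings)


if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_LOG).items():
        print(dll)
        for reason in reasons:
            print("   -", reason)
```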

Scan the following file on VirusTotal, then post the report:
C:\WINDOWS\system32\drivers\wabppbrf.sys

Reply to Angeldark

Is VirusTotal a website?

Reply to Gruic

Here is what I got, I hope this is it:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6096 2008.09.20 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Information additionnelle
File size: 23424 bytes
MD5...: 9bb6476d5541c1224c13cb19a6508e96
SHA1..: c32e5a0588640d9a7e68974d5d435638122fb36b
SHA256: 1d52e9dee5a610c24630865f9dd590891b172e56fc91d403b42544b63fd2ff38
SHA512: 7351d1622b167b4517d2bbf1ab8cf00344e7e65901a20e1766af717a13c29326
9bd31e54e1c54c7c189f8e5ad7af4e670969ac719464681acc77bd3b853dce26
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12400
timedatestamp.....: 0x40689f9d (Mon Mar 29 22:13:49 2004)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2e0 0x16d8 0x16e0 6.51 5ade89779f0da717fd7a1db98e8a42f3
.rdata 0x19c0 0xc0 0xc0 3.33 aa06cc90af1cea6eb2820c84195b23eb
.data 0x1a80 0x70 0x80 2.57 f072e640a7cad8573e232adbb42e8417
PAGE 0x1b00 0x8e7 0x900 5.50 2f1383365f7bc07d1422165127e37823
INIT 0x2400 0x3f6 0x400 5.29 625dd9343bf1bbd53b4e72983cbbac76
.otwt 0x2800 0x2d21 0x2d21 7.75 69a51c3e14575caaa5305b4450bc5bda
.rsrc 0x5521 0x488 0x4a0 3.32 2ac2fe04e64f40b29c11040eb9d7143b
.reloc 0x59c1 0x170 0x180 5.41 9cba778e7c34343a9be67144c03dddd5

( 2 imports )
> ntoskrnl.exe: IoBuildSynchronousFsdRequest, IoGetAttachedDeviceReference, KeInitializeEvent, memcpy, memset, IoDeleteDevice, IoAttachDeviceToDeviceStack, PoSetPowerState, KeInitializeSpinLock, IoCreateDevice, IoDetachDevice, IofCompleteRequest, IofCallDriver, InterlockedExchange, KefAcquireSpinLockAtDpcLevel, IoReleaseCancelSpinLock, KeClearEvent, InterlockedIncrement, InterlockedDecrement, PoCallDriver, PoStartNextPowerIrp, ExFreePool, PoRequestPowerIrp, ExAllocatePoolWithTag, IoQueueWorkItem, IoAllocateWorkItem, IoFreeWorkItem, KeWaitForSingleObject, KeSetEvent, ObfDereferenceObject
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock

( 0 exports )

Reply to Gruic

Hoping it works this time.

Driver::
ssvcpifn

Rootkit::
C:\WINDOWS\system32\comsnapv.dll
C:\WINDOWS\system32\dbmsrpcng.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]

Reply to Angeldark

here you go:

ComboFix 08-09-16.05 - Administrateur 2008-09-21 10:25:32.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.153 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt..txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSVCPIFN
-------\Service_ssvcpifn


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.

2008-09-20 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-20 17:02 . 2008-09-20 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Glary Utilities
2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Crawler
2008-09-20 16:51 . 2008-09-20 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-20 16:51 . 2008-09-20 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
2008-09-20 16:51 . 2008-09-20 16:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-20 16:50 . 2008-09-20 17:39 <REP> d-------- C:\Program Files\Spyware Terminator
2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 08:28 104,960 ----a-w C:\WINDOWS\system32\dacqukqts.dll
2008-09-20 16:10 --------- d-----w C:\Program Files\Java
2008-09-20 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 15:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
2008-09-21 10:28 104960 --a------ c:\windows\system32\dbmsrpcng.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
"Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-20 1783808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
2008-09-21 10:28 104960 C:\WINDOWS\system32\dbmsrpcng.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
"VIDC.VP40"= vp4vfw.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetP4\\NetP4.exe"=

R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-20 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssvcpifn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 10:33:55
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@??? ???????????????B?????,?????????????????????????????B

Recherche de fichiers cach‚s ...

Scan terminé avec succès
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-09-21 10:39:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-21 08:39:48
ComboFix2.txt 2008-09-20 10:21:37
ComboFix3.txt 2008-09-19 17:06:47
ComboFix4.txt 2008-09-18 19:04:03
ComboFix5.txt 2008-09-21 08:24:45

Avant-CF: 1,914,310,656 octets libres
Après-CF: 1,863,753,728 octets libres


Reply to Gruic

I'll keep you posted, I'm looking into it.

Reply to Angeldark

Do you think I'm still infected?

Reply to Gruic

One file won't go away.

Copy (Ctrl+C) the text in the box below:

Files to delete:
C:\WINDOWS\system32\comsnapv.dll
C:\WINDOWS\system32\dbmsrpcng.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file to your Desktop under the name remove.txt.

Download The Avenger (Swandog46).

  • Unzip it onto your Desktop.
  • Double-click avenger.exe (the .exe extension may not be visible) to launch it.
  • Select Load Script from File (1), then choose your remove.txt file.


http://thespykiller.co.uk/hjt/sd/sdpics/avenger/avenger%202.png

  • Tick the boxes Scan for rootkits and Automatically disable any rootkits found (2).
  • Then click the Execute button (3).
  • After the reboot, post The Avenger report (C:\avenger.txt*).

* the partition letter may differ

Reply to Angeldark

here you go:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\WINDOWS\system32\comsnapv.dll"
Deletion of file "C:\WINDOWS\system32\comsnapv.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open file "C:\WINDOWS\system32\dbmsrpcng.dll"
Deletion of file "C:\WINDOWS\system32\dbmsrpcng.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Should I try it in Safe Mode?

Reply to Gruic

We'll dig somewhere else.

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, tick Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.

Reply to Angeldark

I get a message saying that gmer found no modification, and when I open Notepad it's the old Avenger report that appears.

Reply to Gruic

Let's try something else.

Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir

Run a full scan, then post the report once the scan is done.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus

Reply to Angeldark

I put several things in quarantine.

Avira AntiVir Personal
Report file date: lundi 22 septembre 2008 14:51

Scanning for 1628080 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrateur
Computer name: ORDIGEFF2

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 12:27:38
ANTIVIR3.VDF : 7.0.6.192 234496 Bytes 22/09/2008 12:27:40
Engineversion : 8.1.1.34
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 12:27:50
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 12:27:49
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 12:27:47
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 12:27:46
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 22/09/2008 12:27:44
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 12:27:42
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22/09/2008 12:27:41
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 22 septembre 2008 14:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'CToolbar.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'Mediadet.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'Ctsvccda.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'Ctmix32.exe' - '1' Module(s) have been scanned
Scan process 'CTNotify.exe' - '1' Module(s) have been scanned
Scan process 'TotRecSched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\dbmsrpcng.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '49449585.qua'!

The registry was scanned ( '45' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ARK14.tmp
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49229581.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-09-17_201621,75.zip
[0] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Spy.BZub.NGP.7 Trojan
[NOTE] The file was moved to '494ba0a4.qua'!
C:\QooBox\Quarantine\catchme2008-09-17_202004.38.zip
[0] Archive type: ZIP
--> Documents and Settings/Administrateur/Bureau/catchme.zip
[1] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0a6.qua'!
C:\QooBox\Quarantine\catchme2008-09-18_205258,85.zip
[0] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0a9.qua'!
C:\QooBox\Quarantine\catchme2008-09-18_205809.13.zip
[0] Archive type: ZIP
--> Documents and Settings/Administrateur/Bureau/catchme.zip
[1] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0ab.qua'!
C:\QooBox\Quarantine\catchme2008-09-19_185628,59.zip
[0] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0ad.qua'!
C:\QooBox\Quarantine\catchme2008-09-19_190024.03.zip
[0] Archive type: ZIP
--> Documents and Settings/Administrateur/Bureau/catchme.zip
[1] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0af.qua'!
C:\QooBox\Quarantine\catchme2008-09-20_121107,63.zip
[0] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
--> comsnapv.dll.1
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0b1.qua'!
C:\QooBox\Quarantine\catchme2008-09-20_121546.15.zip
[0] Archive type: ZIP
--> Documents and Settings/Administrateur/Bureau/catchme.zip
[1] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0bb.qua'!
C:\QooBox\Quarantine\catchme2008-09-21_102818,99.zip
[0] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
--> comsnapv.dll.1
[DETECTION] Is the TR/Trash.Gen Trojan
--> dbmsrpcng.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0bc.qua'!
C:\QooBox\Quarantine\catchme2008-09-21_103313.52.zip
[0] Archive type: ZIP
--> Documents and Settings/Administrateur/Bureau/catchme.zip
[1] Archive type: ZIP
--> comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494ba0c1.qua'!
C:\WINDOWS\system32\comsnapv.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4944a223.qua'!
C:\WINDOWS\system32\dbmsrpcng.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: lundi 22 septembre 2008 15:51
Used time: 1:00:24 Hour(s)

The scan has been done completely.

3425 Scanning directories
175594 Files were scanned
16 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
175575 Files not concerned
803 Archives were scanned
5 Warnings
13 Notes

Reply to Gruic

Post another HijackThis log.

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44, on 22/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7041 bytes

Reply to Gruic

Re,

Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)

Reply to Angeldark
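The four lines the helper asks to fix share one property: the registry still registers a Browser Helper Object CLSID (O2) or a Winlogon Notify package (O20), but the DLL it points at is gone, which HijackThis marks as "(file missing)" or "(no file)". In this thread the DLLs are gone because the Avira scan above moved comsnapv.dll and dbmsrpcng.dll to quarantine; the registrations were left behind. A Winlogon Notify package is loaded into winlogon.exe at logon, which is also why an on-access scanner could not simply delete the file and had to fall back to its ARK library. The script below is an added example, not HijackThis code and not posted by anyone in this thread: it re-implements that triage by parsing O2 and O20 lines and reporting the dangling ones, so the result can be compared against the helper's list. The sample log is a constructed subset of the HijackThis report posted above.

```python
"""Flag dangling BHO (O2) and Winlogon Notify (O20) entries in a HijackThis log.

Added example; this is not HijackThis code. It reproduces the triage the
helper did by eye: a registration whose DLL no longer exists is a leftover
of quarantined malware and can be removed.
"""
import re

# Constructed sample: a subset of the O2/O3/O20 lines from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
"""

# O2: "O2 - BHO: <name> - {<CLSID>} - <path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# O20: "O20 - Winlogon Notify: <subkey> - <dll>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<path>.*)$")


def is_dangling(path):
    """True when HijackThis reports that the registered DLL does not exist."""
    p = path.strip().lower()
    return p.endswith("(file missing)") or p == "(no file)"


def find_dangling_entries(log_text):
    """Return the O2/O20 entries whose target DLL is missing, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            kind, ident, path = "O2", m.group("clsid").upper(), m.group("path")
        else:
            m = O20_RE.match(line)
            if not m:
                continue  # other sections (R0, O3, O4, ...) are out of scope here
            kind, ident, path = "O20", m.group("subkey"), m.group("path")
        if is_dangling(path):
            findings.append(
                {"kind": kind, "id": ident, "target": path.strip(), "line": line}
            )
    return findings


def fix_list(log_text):
    """The log lines a helper would ask to be fixed, verbatim."""
    return [f["line"] for f in find_dangling_entries(log_text)]


if __name__ == "__main__":
    for entry in find_dangling_entries(SAMPLE_LOG):
        print(f"{entry['kind']:<4} {entry['id']:<40} -> {entry['target']}")
```

Run over the sample, the script lists exactly the four lines quoted in the post above (three BHO CLSIDs and the Winlogon Notify subkey "ncczpxva"), and leaves the Acrobat BHO and the Yahoo! toolbar alone because their DLLs are present. Fixing a line with HijackThis deletes the registry value; if the same entries show up again in a later log, the deletion did not persist, and a resident registry guard such as Spybot's TeaTimer, which the log shows running on this machine, is one common reason a change is refused or reverted unless it is allowed when prompted.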

I think it's done. What now?

Reply to Gruic

Post another HijackThis log anyway.

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7041 bytes

Reply to Gruic

Did you do what I said with the lines?

Reply to Angeldark

Yes, I think so. I followed the tutorial. Did I do something wrong?

Reply to Gruic

Do it again and we'll see :)

Reply to Angeldark

Here's what it gives:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06, on 29/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6778 bytes

Reply to Gruic

Run another ComboFix scan. Is your PC behaving better?

Reply to Angeldark

It's still slow, but I think a scandisk and a defrag should help. Can I run them?


ComboFix 08-09-28.03 - Administrateur 2008-09-30 12:19:13.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.137 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-22 14:24 . 2008-09-22 14:24 <REP> d-------- C:\Program Files\Avira
2008-09-22 14:24 . 2008-09-22 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 19:40 . 2008-09-21 19:58 250 --a------ C:\WINDOWS\gmer.ini
2008-09-20 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-20 17:02 . 2008-09-20 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Glary Utilities
2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Crawler
2008-09-20 16:51 . 2008-09-26 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-20 16:51 . 2008-09-20 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
2008-09-20 16:51 . 2008-09-20 16:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-20 16:50 . 2008-09-20 17:39 <REP> d-------- C:\Program Files\Spyware Terminator
2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro
2008-08-03 20:42 . 2008-08-03 20:42 <REP> d-------- C:\Program Files\USB Disk Win98 Driver

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 18:12 --------- d-----w C:\Program Files\MSN Messenger
2008-09-20 16:10 --------- d-----w C:\Program Files\Java
2008-09-20 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 15:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-21_10.38.56.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 17:40:33 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2007-09-12 23:50:16 29,926 -c--a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-09-21 18:12:34 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-09-21 17:40:36 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
"Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-20 1783808]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
"VIDC.VP40"= vp4vfw.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\NetP4\\NetP4.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-20 141312]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssvcpifn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
BHO-{AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
Notify-ncczpxva - dbmsrpcng.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 12:22:38
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-30 12:24:48
ComboFix-quarantined-files.txt 2008-09-30 10:24:40
ComboFix2.txt 2008-09-21 08:40:01
ComboFix3.txt 2008-09-20 10:21:37
ComboFix4.txt 2008-09-19 17:06:47
ComboFix5.txt 2008-09-30 10:17:26

Avant-CF: 1 493 356 544 octets libres
Après-CF: 1,504,563,200 octets libres

150

Reply to Gruic

I've just done a defrag, and apparently we're in pretty good shape!
Websites load quickly, the PC lags less, and I'm getting no virus detection alerts.

So, Angeldark, let me thank you for your patience, your knowledge and your speed of response and action.
If you'd like to taste a Dijon speciality, don't hesitate to send me your address by PM and I'll send you one as a thank-you.

This site deserves the publicity it gets. See you next time!

Reply to Gruic