Trojan:Win32/Vundo.gen!AE

Rom_22

28 Novembre 2008 16:10:09

Bonjour.
J'ai attrapé ce trojan hier.
Il ouvre IE au démarrage et affiche un site X.
Windows defender a trouvé le trojan et a fait quelque chose - je ne sais pas exactement quoi. Le résultat, c'est que IE s'ouvre toujopurs au démarrage sur la même page, mais en plus j'ai cette fenêtre:

J'ai lu ce sujet et j'ai fait tous les scans préconnisés sans changer quoi que ce soit (ni quarantaine ni destruction de fichiers).

Voici le log de Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17:21, on 28/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvwttU.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6315 bytes

Voici le log de LopSD:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A10
USER : Rom ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1169 [VPS 081127-1] 4.8.1169 (Activated)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:18 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (Local Disk) - NTFS - Total:90 Go (Free:34 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 28/11/2008| 0:29 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[14/04/2008|18:42] C:\Users\Rom\AppData\Local\Adobe
[21/10/2007|20:59] C:\Users\Rom\AppData\Local\Apple
[21/10/2007|21:36] C:\Users\Rom\AppData\Local\Apple Computer
[30/09/2007|12:26] C:\Users\Rom\AppData\Local\Application Data
[28/11/2007|19:26] C:\Users\Rom\AppData\Local\d3d8caps.dat
[16/11/2008|18:29] C:\Users\Rom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[03/10/2007|19:52] C:\Users\Rom\AppData\Local\eMule
[23/06/2008|11:00] C:\Users\Rom\AppData\Local\GDIPFONTCACHEV1.DAT
[05/12/2007|20:59] C:\Users\Rom\AppData\Local\Google
[30/09/2007|12:26] C:\Users\Rom\AppData\Local\Historique
[27/11/2008|21:42] C:\Users\Rom\AppData\Local\IconCache.db
[02/11/2008|22:36] C:\Users\Rom\AppData\Local\Microsoft
[30/06/2008|06:53] C:\Users\Rom\AppData\Local\Microsoft Games
[03/09/2008|19:42] C:\Users\Rom\AppData\Local\Microsoft Help
[11/10/2007|20:32] C:\Users\Rom\AppData\Local\Mozilla
[28/11/2008|00:28] C:\Users\Rom\AppData\Local\Temp
[30/09/2007|12:26] C:\Users\Rom\AppData\Local\Temporary Internet Files
[25/11/2008|21:41] C:\Users\Rom\AppData\Local\TVU Networks
[30/09/2007|21:36] C:\Users\Rom\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[27/11/2008 23:51][--ah-----] C:\Windows\tasks\SA.DAT
[27/11/2008 21:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[14/04/2008|17:20] C:\ProgramData\Adobe
[16/11/2008|13:46] C:\ProgramData\Apple
[16/11/2008|14:14] C:\ProgramData\Apple Computer
[02/11/2006|07:02] C:\ProgramData\Application Data
[30/09/2007|21:21] C:\ProgramData\Brother
[30/09/2007|12:21] C:\ProgramData\Bureau
[02/11/2006|07:02] C:\ProgramData\Desktop
[02/11/2006|07:02] C:\ProgramData\Documents
[03/10/2007|19:53] C:\ProgramData\eMule
[30/09/2007|12:21] C:\ProgramData\Favoris
[02/11/2006|07:02] C:\ProgramData\Favorites
[14/04/2008|17:22] C:\ProgramData\FLEXnet
[04/10/2007|17:20] C:\ProgramData\Google
[09/10/2007|19:50] C:\ProgramData\GRETECH
[30/09/2007|13:23] C:\ProgramData\Logishrd
[30/09/2007|13:19] C:\ProgramData\Logitech
[30/09/2007|12:21] C:\ProgramData\Menu D‚marrer
[13/04/2008|20:17] C:\ProgramData\Microsoft
[22/06/2008|23:10] C:\ProgramData\Microsoft Help
[30/09/2007|12:21] C:\ProgramData\ModŠles
[30/09/2007|14:02] C:\ProgramData\Skype
[02/11/2006|07:02] C:\ProgramData\Start Menu
[02/11/2006|07:02] C:\ProgramData\Templates
[25/11/2008|21:41] C:\ProgramData\TVU Networks
[27/11/2008|12:14] C:\ProgramData\WinZipSE

--------------------\\ Listing des dossiers dans C:\Program Files

[14/04/2008|17:21] C:\Program Files\Adobe
[30/09/2007|12:37] C:\Program Files\Alwil Software
[16/11/2008|13:46] C:\Program Files\Apple Software Update
[03/10/2007|21:06] C:\Program Files\Audacity
[26/06/2008|06:47] C:\Program Files\Azureus
[14/04/2008|17:20] C:\Program Files\Bonjour
[06/10/2007|10:17] C:\Program Files\Brother
[17/03/2008|20:33] C:\Program Files\CCleaner
[16/11/2008|14:14] C:\Program Files\Common Files
[16/12/2007|18:51] C:\Program Files\Dell
[25/06/2008|02:49] C:\Program Files\DivX
[01/04/2008|21:11] C:\Program Files\Eleve
[03/10/2007|19:52] C:\Program Files\eMule
[30/09/2007|12:21] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[22/06/2008|11:45] C:\Program Files\FileZilla FTP Client
[21/02/2008|20:20] C:\Program Files\Foxit Software
[06/05/2008|17:10] C:\Program Files\GomPlayer
[07/10/2008|19:02] C:\Program Files\Google
[17/03/2008|20:46] C:\Program Files\gs
[15/04/2008|16:49] C:\Program Files\HotPotatoes
[23/03/2008|17:11] C:\Program Files\Inkscape
[31/03/2008|19:47] C:\Program Files\InstallShield Installation Information
[08/07/2008|05:55] C:\Program Files\Internet Explorer
[21/09/2008|10:12] C:\Program Files\Java
[30/05/2008|19:20] C:\Program Files\LimeWire
[30/09/2007|13:19] C:\Program Files\Logitech
[02/11/2006|06:37] C:\Program Files\Microsoft Games
[22/06/2008|23:04] C:\Program Files\Microsoft Office
[22/06/2008|23:04] C:\Program Files\Microsoft Visual Studio
[22/06/2008|23:04] C:\Program Files\Microsoft Works
[22/06/2008|23:02] C:\Program Files\Microsoft.NET
[08/07/2008|05:55] C:\Program Files\Movie Maker
[15/11/2008|18:58] C:\Program Files\Mozilla Firefox
[02/11/2006|06:37] C:\Program Files\MSBuild
[04/10/2007|17:03] C:\Program Files\PhotoFiltre
[05/12/2007|20:58] C:\Program Files\Picasa2
[16/10/2008|21:47] C:\Program Files\Pivot Stickfigure Animator
[16/11/2008|14:15] C:\Program Files\QuickTime
[17/03/2008|20:19] C:\Program Files\QuickZip4
[12/10/2007|19:04] C:\Program Files\Real
[02/11/2006|06:37] C:\Program Files\Reference Assemblies
[30/09/2007|14:02] C:\Program Files\Skype
[21/09/2008|10:13] C:\Program Files\Sun
[15/05/2008|17:12] C:\Program Files\Synaptics
[28/11/2008|00:17] C:\Program Files\Trend Micro
[19/10/2007|18:57] C:\Program Files\TuxPaint
[02/11/2006|07:01] C:\Program Files\Uninstall Information
[08/07/2008|05:55] C:\Program Files\Windows Calendar
[08/07/2008|05:55] C:\Program Files\Windows Collaboration
[08/07/2008|05:55] C:\Program Files\Windows Defender
[08/07/2008|05:55] C:\Program Files\Windows Journal
[15/10/2008|17:43] C:\Program Files\Windows Mail
[08/07/2008|05:55] C:\Program Files\Windows Media Player
[30/09/2007|12:21] C:\Program Files\Windows NT
[08/07/2008|05:55] C:\Program Files\Windows Photo Gallery
[08/07/2008|05:55] C:\Program Files\Windows Sidebar
[27/11/2008|12:14] C:\Program Files\WinZip Self-Extractor

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[14/04/2008|17:20] C:\Program Files\Common Files\Adobe
[16/11/2008|14:14] C:\Program Files\Common Files\Apple
[22/06/2008|23:04] C:\Program Files\Common Files\DESIGNER
[31/03/2008|20:02] C:\Program Files\Common Files\InstallShield
[04/10/2007|17:18] C:\Program Files\Common Files\Java
[30/09/2007|13:19] C:\Program Files\Common Files\logishrd
[14/04/2008|17:12] C:\Program Files\Common Files\Macrovision Shared
[22/06/2008|23:10] C:\Program Files\Common Files\microsoft shared
[05/10/2007|17:00] C:\Program Files\Common Files\PX Storage Engine
[09/04/2008|19:58] C:\Program Files\Common Files\Real
[02/11/2006|05:18] C:\Program Files\Common Files\Services
[30/09/2007|14:02] C:\Program Files\Common Files\Skype
[02/11/2006|05:18] C:\Program Files\Common Files\SpeechEngines
[08/07/2008|05:55] C:\Program Files\Common Files\System
[09/04/2008|19:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Rom\AppData\Local\Temp\NSISGSearchCheck.dll
C:\Users\Rom\AppData\Local\Temp\nsn9223.tmp
C:\Users\Rom\AppData\Roaming\MICROS~1\Windows\Cookies\rom@adultfriendfinder[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 00:26:52
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 00:29:18
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:4193][D:138]-> C:\Users\Rom\AppData\Local\Temp
[F:119][D:1]-> C:\Users\Rom\AppData\Roaming\MICROS~1\Windows\Cookies
[F:688][D:6]-> C:\Users\Rom\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 28/11/2008| 0:34 - Option : [1]

--------------------\\ Fin du rapport a 0:34:07
[ UAC => 1 ]

Voici le log de mbam:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 6.0.6001 Service Pack 1

28/11/2008 08:56:25
mbam-log-2008-11-28 (08-56-11).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 198108
Temps écoulé: 46 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Voici le log RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Rom at 2008-11-28 09:04:22
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 19 GB (38%) free of 50 GB
Total RAM: 2038 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:31, on 28/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\SpywareRemover.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rom\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvwttU.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6350 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-09 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-10-05 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-10-05 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-11-24 622592]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"SpywareCleaner"=C:\Windows\system32\SpywareRemover.exe [2008-11-26 297697]
"MSServer"=C:\Windows\system32\hgGvwttU.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-05 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-05 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l []

C:\Users\Rom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\Windows\system32\hgGvwttU.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-28 09:04:22 ----D---- C:\rsit
2008-11-28 00:43:37 ----D---- C:\Users\Rom\AppData\Roaming\Malwarebytes
2008-11-28 00:43:33 ----D---- C:\ProgramData\Malwarebytes
2008-11-28 00:43:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-28 00:41:59 ----A---- C:\Windows\ntbtlog.txt
2008-11-28 00:26:36 ----A---- C:\lopR.txt
2008-11-28 00:25:57 ----D---- C:\Lop SD
2008-11-28 00:17:06 ----D---- C:\Program Files\Trend Micro
2008-11-27 12:14:19 ----D---- C:\ProgramData\WinZipSE
2008-11-27 12:14:13 ----D---- C:\Program Files\WinZip Self-Extractor
2008-11-26 10:21:07 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 10:21:03 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 10:21:02 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 10:21:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 10:21:00 ----A---- C:\Windows\system32\connect.dll
2008-11-26 03:58:08 ----A---- C:\Windows\system32\SpywareRemover.exe
2008-11-25 21:41:42 ----D---- C:\ProgramData\TVU Networks
2008-11-16 14:14:53 ----D---- C:\Program Files\Common Files\Apple
2008-11-16 14:14:49 ----D---- C:\Program Files\QuickTime
2008-11-16 14:14:48 ----D---- C:\ProgramData\Apple Computer
2008-11-16 13:46:24 ----D---- C:\ProgramData\Apple
2008-11-16 13:46:24 ----D---- C:\Program Files\Apple Software Update
2008-11-12 19:44:33 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 19:44:29 ----A---- C:\Windows\system32\msxml6.dll
2008-10-31 20:02:41 ----A---- C:\Windows\system32\EncDec.dll
2008-10-31 20:02:38 ----A---- C:\Windows\system32\psisdecd.dll

======List of files/folders modified in the last 1 months======

2008-11-28 09:04:31 ----D---- C:\Windows\Prefetch
2008-11-28 09:04:26 ----D---- C:\Windows\Temp
2008-11-28 00:49:15 ----D---- C:\Windows\System32
2008-11-28 00:49:15 ----D---- C:\Windows\inf
2008-11-28 00:49:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-28 00:43:36 ----D---- C:\Windows\system32\drivers
2008-11-28 00:43:33 ----RD---- C:\Program Files
2008-11-28 00:43:33 ----HD---- C:\ProgramData
2008-11-28 00:41:59 ----D---- C:\Windows
2008-11-28 00:28:45 ----D---- C:\Windows\system32\Tasks
2008-11-27 12:16:47 ----D---- C:\Windows\system32\catroot2
2008-11-27 12:16:42 ----SHD---- C:\System Volume Information
2008-11-27 11:55:32 ----D---- C:\Windows\winsxs
2008-11-26 10:20:51 ----D---- C:\Windows\system32\catroot
2008-11-25 21:45:07 ----SHD---- C:\Windows\Installer
2008-11-25 16:30:45 ----D---- C:\Users\Rom\AppData\Roaming\Skype
2008-11-16 14:14:53 ----D---- C:\Program Files\Common Files
2008-11-15 18:58:37 ----D---- C:\Program Files\Mozilla Firefox
2008-11-03 18:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-11-02 22:36:57 ----SD---- C:\Users\Rom\AppData\Roaming\Microsoft
2008-10-31 21:26:21 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-03-29 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-03-29 42912]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 50768]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 NETw3v32;%NIC_Service_DispName_VISTA%; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-18 2225664]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-18 45696]
S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-18 40448]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-19 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-19 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-18 52608]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-19 137752]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-19 141848]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-14 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-05 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Et enfin le log ComboFix:

ComboFix 08-11-27.07 - Rom 2008-11-28 9:43:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1258 [GMT -6:00]
Lancé depuis: c:\users\Rom\Desktop\Trojan\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 09:09 . 2008-11-28 09:09 <REP> d-------- c:\program files\ERUNT
2008-11-28 09:04 . 2008-11-28 09:04 <REP> d-------- C:\rsit
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\users\Rom\AppData\Roaming\Malwarebytes
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\programdata\Malwarebytes
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 00:43 . 2008-10-22 16:28 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-28 00:43 . 2008-10-22 16:28 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 00:25 . 2008-11-28 00:34 <REP> d-------- C:\Lop SD
2008-11-28 00:17 . 2008-11-28 00:17 <REP> d-------- c:\program files\Trend Micro
2008-11-27 12:14 . 2008-11-27 12:14 <REP> d-------- c:\users\All Users\WinZipSE
2008-11-27 12:14 . 2008-11-27 12:14 <REP> d-------- c:\programdata\WinZipSE
2008-11-27 12:14 . 2008-11-27 12:14 <REP> d-------- c:\program files\WinZip Self-Extractor
2008-11-26 10:21 . 2008-10-20 23:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 10:21 . 2008-08-27 21:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 10:21 . 2008-08-27 21:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 10:21 . 2008-08-27 21:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 10:21 . 2008-10-21 21:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 03:58 . 2008-11-26 03:58 297,697 --a------ c:\windows\System32\SpywareRemover.exe
2008-11-25 21:41 . 2008-11-25 21:41 <REP> d-------- c:\users\All Users\TVU Networks
2008-11-25 21:41 . 2008-11-25 21:41 <REP> d-------- c:\programdata\TVU Networks
2008-11-16 14:14 . 2008-11-16 14:14 <REP> d-------- c:\users\All Users\Apple Computer
2008-11-16 14:14 . 2008-11-16 14:14 <REP> d-------- c:\programdata\Apple Computer
2008-11-16 14:14 . 2008-11-16 14:15 <REP> d-------- c:\program files\QuickTime
2008-11-16 14:14 . 2008-11-16 14:14 <REP> d-------- c:\program files\Common Files\Apple
2008-11-16 13:46 . 2008-11-16 13:46 <REP> d-------- c:\users\All Users\Apple
2008-11-16 13:46 . 2008-11-16 13:46 <REP> d-------- c:\programdata\Apple
2008-11-16 13:46 . 2008-11-16 13:46 <REP> d-------- c:\program files\Apple Software Update
2008-11-12 19:44 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 19:44 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 19:44 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-31 20:02 . 2008-08-05 03:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-31 20:02 . 2008-08-05 03:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 20:02 . 2008-08-05 03:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 20:02 . 2008-08-05 03:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 20:02 . 2008-08-05 03:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 12:51 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 12:51 . 2008-09-17 22:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 12:51 . 2008-09-17 22:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 22:30 --------- d-----w c:\users\Rom\AppData\Roaming\Skype
2008-10-17 03:47 --------- d-----w c:\program files\Pivot Stickfigure Animator
2008-10-15 23:43 --------- d-----w c:\program files\Windows Mail
2008-10-08 01:02 --------- d-----w c:\program files\Google
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-28 03:40 --------- d-----w c:\users\Rom\AppData\Roaming\Azureus
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-12 03:27 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-07-08 12:02 174 --sha-w c:\program files\desktop.ini
2008-04-22 02:05 96,280 ----a-w c:\users\Rom\AppData\Roaming\GDIPFONTCACHEV1.DAT
2002-04-13 01:22 705,024 ----a-w c:\program files\redeye.exe
2008-03-16 19:13 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-16 19:13 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-16 19:13 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-26 297697]

c:\users\Rom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-05 17:00 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5B1D32E9-2AB0-45D0-9BCC-E643170CDC33}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1BC83934-89D0-4122-ADD0-DC96E41C55A9}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{B694ACCA-A65C-43E4-9780-308C39398AA3}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{DB445569-B07A-4ACF-81AC-AE6DE0DE2B14}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{ACC7374A-1AD6-4583-8C5E-4050A901CC13}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4F6086CE-75C6-44B5-8576-336C1225EF08}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{40336529-C614-44A5-A4C3-2CAE3BC11DD0}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A27F4716-51F7-4687-905D-2833DF821576}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{5B32897A-4E69-4225-9D97-F62F500CDDB6}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{29CB829A-6251-4E8D-8963-AD1A20A2A6BA}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{279075D8-FF02-4C35-BA73-60611F7F8909}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E32C7BBA-B9B6-4D60-A959-375306F57599}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B5759D0B-893F-43BF-934B-A1B58525C60B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{747D6FB8-52D4-41E6-9F7F-2B5D7F8220DE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D6263655-24DF-42BA-9995-79FEDBD93B72}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{BE3D0CA5-9BFD-4C64-BED9-E9EEF1323DD7}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{F90AD41E-457F-4E73-A296-45152EAD383D}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3FE84B60-0A0A-435D-BC7F-2BD243501F70}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{0B96E8D8-85A9-4D01-AD77-976A01785515}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9A24F28A-9898-468E-A487-5808B6FF0525}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CF88D672-FAD8-4FEF-9B19-1F4D80C0E89B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-09-30 50768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-MSServer - c:\windows\system32\hgGvwttU.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Rom\AppData\Roaming\Mozilla\Firefox\Profiles\6jken3bk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\users\Rom\AppData\Roaming\Mozilla\Firefox\Profiles\6jken3bk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 09:45:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-28 9:46:59
ComboFix-quarantined-files.txt 2008-11-28 15:46:55

Avant-CF: 19 741 560 832 octets libres
Après-CF: 20,106,838,016 octets libres

151 --- E O F --- 2008-11-27 17:56:10

Pouvez-vous m'aider?
Merci beaucoup.

Autres pages sur : trojan win32 vundo gen

| Etre averti des réponses
| Alerter

Répondre à Rom_22

Angeldark

28 Novembre 2008 17:01:54

Bonjour,

Il ne faut pas utiliser des outils au hasard !

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

| Alerter

Répondre à Angeldark

Rom_22

28 Novembre 2008 18:47:31

Bonjour Angeldark. Merci de ton aide.

Voici le rapport Combofix effectué en mode sans échec:

ComboFix 08-11-27.07 - Rom 2008-11-28 9:43:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1258 [GMT -6:00]
Lancé depuis: c:\users\Rom\Desktop\Trojan\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 09:09 . 2008-11-28 09:09 <REP> d-------- c:\program files\ERUNT
2008-11-28 09:04 . 2008-11-28 09:04 <REP> d-------- C:\rsit
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\users\Rom\AppData\Roaming\Malwarebytes
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\programdata\Malwarebytes
2008-11-28 00:43 . 2008-11-28 00:43 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 00:43 . 2008-10-22 16:28 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-28 00:43 . 2008-10-22 16:28 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 00:25 . 2008-11-28 00:34 <REP> d-------- C:\Lop SD
2008-11-28 00:17 . 2008-11-28 00:17 <REP> d-------- c:\program files\Trend Micro
2008-11-27 12:14 . 2008-11-27 12:14 <REP> d-------- c:\users\All Users\WinZipSE
2008-11-27 12:14 . 2008-11-27 12:14 <REP> d-------- c:\programdata\WinZipSE
2008-11-27 12:14 . 2008-11-27 12:14 <REP> d-------- c:\program files\WinZip Self-Extractor
2008-11-26 10:21 . 2008-10-20 23:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 10:21 . 2008-08-27 21:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 10:21 . 2008-08-27 21:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 10:21 . 2008-08-27 21:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 10:21 . 2008-10-21 21:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 03:58 . 2008-11-26 03:58 297,697 --a------ c:\windows\System32\SpywareRemover.exe
2008-11-25 21:41 . 2008-11-25 21:41 <REP> d-------- c:\users\All Users\TVU Networks
2008-11-25 21:41 . 2008-11-25 21:41 <REP> d-------- c:\programdata\TVU Networks
2008-11-16 14:14 . 2008-11-16 14:14 <REP> d-------- c:\users\All Users\Apple Computer
2008-11-16 14:14 . 2008-11-16 14:14 <REP> d-------- c:\programdata\Apple Computer
2008-11-16 14:14 . 2008-11-16 14:15 <REP> d-------- c:\program files\QuickTime
2008-11-16 14:14 . 2008-11-16 14:14 <REP> d-------- c:\program files\Common Files\Apple
2008-11-16 13:46 . 2008-11-16 13:46 <REP> d-------- c:\users\All Users\Apple
2008-11-16 13:46 . 2008-11-16 13:46 <REP> d-------- c:\programdata\Apple
2008-11-16 13:46 . 2008-11-16 13:46 <REP> d-------- c:\program files\Apple Software Update
2008-11-12 19:44 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 19:44 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 19:44 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-31 20:02 . 2008-08-05 03:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-31 20:02 . 2008-08-05 03:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 20:02 . 2008-08-05 03:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 20:02 . 2008-08-05 03:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 20:02 . 2008-08-05 03:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 12:51 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 12:51 . 2008-09-17 22:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 12:51 . 2008-09-17 22:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 22:30 --------- d-----w c:\users\Rom\AppData\Roaming\Skype
2008-10-17 03:47 --------- d-----w c:\program files\Pivot Stickfigure Animator
2008-10-15 23:43 --------- d-----w c:\program files\Windows Mail
2008-10-08 01:02 --------- d-----w c:\program files\Google
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-28 03:40 --------- d-----w c:\users\Rom\AppData\Roaming\Azureus
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-12 03:27 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-07-08 12:02 174 --sha-w c:\program files\desktop.ini
2008-04-22 02:05 96,280 ----a-w c:\users\Rom\AppData\Roaming\GDIPFONTCACHEV1.DAT
2002-04-13 01:22 705,024 ----a-w c:\program files\redeye.exe
2008-03-16 19:13 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-16 19:13 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-16 19:13 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-26 297697]

c:\users\Rom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-05 17:00 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5B1D32E9-2AB0-45D0-9BCC-E643170CDC33}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1BC83934-89D0-4122-ADD0-DC96E41C55A9}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{B694ACCA-A65C-43E4-9780-308C39398AA3}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{DB445569-B07A-4ACF-81AC-AE6DE0DE2B14}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{ACC7374A-1AD6-4583-8C5E-4050A901CC13}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4F6086CE-75C6-44B5-8576-336C1225EF08}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{40336529-C614-44A5-A4C3-2CAE3BC11DD0}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A27F4716-51F7-4687-905D-2833DF821576}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{5B32897A-4E69-4225-9D97-F62F500CDDB6}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{29CB829A-6251-4E8D-8963-AD1A20A2A6BA}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{279075D8-FF02-4C35-BA73-60611F7F8909}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E32C7BBA-B9B6-4D60-A959-375306F57599}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B5759D0B-893F-43BF-934B-A1B58525C60B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{747D6FB8-52D4-41E6-9F7F-2B5D7F8220DE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D6263655-24DF-42BA-9995-79FEDBD93B72}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{BE3D0CA5-9BFD-4C64-BED9-E9EEF1323DD7}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{F90AD41E-457F-4E73-A296-45152EAD383D}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3FE84B60-0A0A-435D-BC7F-2BD243501F70}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{0B96E8D8-85A9-4D01-AD77-976A01785515}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9A24F28A-9898-468E-A487-5808B6FF0525}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CF88D672-FAD8-4FEF-9B19-1F4D80C0E89B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-09-30 50768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-MSServer - c:\windows\system32\hgGvwttU.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Rom\AppData\Roaming\Mozilla\Firefox\Profiles\6jken3bk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\users\Rom\AppData\Roaming\Mozilla\Firefox\Profiles\6jken3bk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 09:45:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-28 9:46:59
ComboFix-quarantined-files.txt 2008-11-28 15:46:55

Avant-CF: 19 741 560 832 octets libres
Après-CF: 20,106,838,016 octets libres

151 --- E O F --- 2008-11-27 17:56:10

Merci

| Alerter

Répondre à Rom_22

Angeldark

29 Novembre 2008 11:02:16

Reposte un rapport Hijackthis.

| Alerter

Répondre à Angeldark

Rom_22

29 Novembre 2008 16:17:45

Et voilà:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16, on 2008-11-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 5397 bytes

| Alerter

Répondre à Rom_22

Angeldark

30 Novembre 2008 18:27:24

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

| Alerter

Répondre à Angeldark

Rom_22

1 Décembre 2008 00:19:29

Voici le rapport Antivir,

Avira AntiVir Personal
Report file date: 2008-11-30 17:29

Scanning for 1060765 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: Rom
Computer name: PC-DE-ROM

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 15:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 18:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 23:57:13
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 2008-11-30 22:12:31
ANTIVIR3.VDF : 7.1.0.161 2048 Bytes 2008-11-30 22:12:32
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 17:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-11 21:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-07 22:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 20:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-11 16:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-07 22:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-07 22:06:41
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-30 22:12:36
AEGEN.DLL : 8.1.1.6 323955 Bytes 2008-11-30 22:12:34
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 17:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 2008-11-30 22:12:33
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 19:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 20:34:37

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-11-30 17:29

Starting search for hidden objects.
'74323' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '0' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '41' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: 2008-11-30 17:57
Used time: 27:34 Minute(s)

The scan has been done completely.

17294 Scanning directories
248736 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
248734 Files not concerned
1189 Archives were scanned
2 Warnings
0 Notes
74323 Objects were scanned with rootkit scan
0 Hidden objects were found

Merci

| Alerter

Répondre à Rom_22

Angeldark

1 Décembre 2008 16:32:48

Reposte un rapport Hijackthis.

| Alerter

Répondre à Angeldark

Rom_22

1 Décembre 2008 23:29:43

Et voilà:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16, on 2008-11-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 5397 bytes

| Alerter

Répondre à Rom_22

Angeldark

2 Décembre 2008 11:46:59

Exécute Hijackthis avec clic droit / exécuter en admin pour faire un rapport

| Alerter

Répondre à Angeldark

Rom_22

3 Décembre 2008 02:08:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07, on 2008-12-02
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 5454 bytes