
Unwanted redirects - Google

Tags:
  • Security
Last reply: in Security and viruses
2 January 2010 10:28:36

First of all, hello everyone,

I'm one of the unfortunate victims of these damn things you pick up I don't know how.
So here I am, also in the utterly awkward position of having to retype my search ten times so as not to land on some lousy American portal.

Anyway, here is my HijackThis report, since I see everyone posts theirs.

Thanks in advance to everyone who has contributed and who contributes day after day on this self-help site...

Regards,

Benjamin



Report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:55, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ATKGFNEX\GFNEXSrv.exe
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\ASUS\ATK Media\DMedia.exe
G:\Program Files\ATKOSD2\ATKOSD2.exe
G:\Program Files\ASUS\Splendid\ACMON.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
G:\WINDOWS\system32\ACEngSvr.exe
G:\Program Files\OpenOffice.org 3\program\soffice.exe
G:\Program Files\OpenOffice.org 3\program\soffice.bin
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\wbem\wmiapsrv.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Mes documents\Téléchargements\HJTInstall.exe
G:\WINDOWS\explorer.exe
G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Mes documents\Téléchargements\HJTInstall.exe
G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] G:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATKMEDIA] G:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] "G:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ACMON] "G:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = G:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_...
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - G:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - G:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - G:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - G:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 8555 bytes

2 January 2010 10:34:06

Hello,

  • Download Gmer to your Desktop.
  • Extract the archive (right-click > Extract), then rename gmer.exe to IDN.exe (the .exe extension may not be visible).
  • Double-click IDN.exe.
  • On the "Rootkit/Malware" tab, click "Scan" and wait.
  • When it finishes, click "Save..." and save "gmer.txt" to your Desktop.
  • Double-click "gmer.txt"; the report opens; post it.
    2 January 2010 11:34:08

    Thanks for the speed, it's almost unbelievable, a huge thank you, really!

    Here is the report:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-02 11:33:08
    Windows 5.1.2600 Service Pack 3
    Running: IDN.exe; Driver: G:\DOCUME~1\BENJAM~1.GRA\LOCALS~1\Temp\kxtiipob.sys


    ---- System - GMER 1.0.15 ----

    Code 89839480 ZwEnumerateKey
    Code 89868248 ZwFlushInstructionCache
    Code 895B4766 IofCallDriver
    Code 89831E0E IofCompleteRequest

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 895B476B
    .text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 89831E13
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6814 5 Bytes JMP 8986824C
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 5 Bytes JMP 89839484
    .text G:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6988000, 0x189F82, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text G:\Program Files\Mozilla Firefox\firefox.exe[2160] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 0353000A
    .text G:\Program Files\Mozilla Firefox\firefox.exe[2160] WS2_32.dll!connect 719F4A07 5 Bytes JMP 02EF000A
    .text G:\Program Files\Mozilla Firefox\firefox.exe[2160] WS2_32.dll!send 719F4C27 5 Bytes JMP 0354000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Fastfat \Fat AAB30D20

    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- Modules - GMER 1.0.15 ----

    Module \systemroot\system32\drivers\H8SRToywkrvimps.sys (*** hidden *** ) AE302000-AE31F000 (118784 bytes)
    ---- Processes - GMER 1.0.15 ----

    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [892] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [976] 0x00860000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [1088] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\explorer.exe [1120] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\System32\svchost.exe [1132] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [1228] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [1276] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\System32\svchost.exe [1380] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\Explorer.EXE [1668] 0x10000000
    Library \\?\globalroot\systemroot\system32\H8SRTorrntrivyy.dll (*** hidden *** ) @ G:\Program Files\Mozilla Firefox\firefox.exe [2160] 0x01350000
    Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [2192] 0x10000000

    ---- Services - GMER 1.0.15 ----

    Service G:\WINDOWS\system32\drivers\H8SRToywkrvimps.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRToywkrvimps.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRToywkrvimps.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbaboulhhle.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTirrsnkomlt.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTorrntrivyy.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRToywkrvimps.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRToywkrvimps.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTbaboulhhle.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTirrsnkomlt.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTorrntrivyy.dll

    ---- Files - GMER 1.0.15 ----

    File G:\Documents and Settings\Benjamin\Local Settings\Temp\H8SRT25ad.tmp 51712 bytes executable
    File G:\Documents and Settings\Benjamin\Local Settings\Temp\H8SRT25bd.tmp 343040 bytes executable
    File G:\Documents and Settings\Benjamin\Local Settings\Temp\H8SRT2ddb.tmp 69120 bytes executable
    File G:\Documents and Settings\Benjamin\Local Settings\Temp\H8SRTd568.tmp 343040 bytes executable
    File G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Temp\H8SRT6dc0.tmp 283 bytes
    File G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Temp\H8SRT7e0c.tmp 343040 bytes executable
    File G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Temp\H8SRTfcb7.tmp 281 bytes
    File G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Temp\h8srtmainqt.dll 16149 bytes
    File G:\WINDOWS\system32\drivers\H8SRToywkrvimps.sys 40448 bytes executable <-- ROOTKIT !!!
    File G:\WINDOWS\system32\H8SRTbaboulhhle.dll 23040 bytes executable
    File G:\WINDOWS\system32\H8SRTftpbwtyxpq.dll 36864 bytes executable
    File G:\WINDOWS\system32\H8SRTirrsnkomlt.dat 202 bytes
    File G:\WINDOWS\system32\H8SRTorrntrivyy.dll 40960 bytes executable
    File G:\WINDOWS\Temp\H8SRT1f07.tmp 202 bytes

    ---- EOF - GMER 1.0.15 ----
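The GMER report above is the first thing in the thread that actually explains the redirect. HijackThis saw nothing because the kernel-side hooks on `IofCallDriver`/`IofCompleteRequest` and `ZwEnumerateKey` hide the driver file and the `H8SRTd.sys` service key from every tool that asks the OS politely. Inside the processes, one hidden DLL (`H8SRTftpbwtyxpq.dll`) is loaded into every `svchost.exe` and `explorer.exe`, a second (`H8SRTorrntrivyy.dll`) sits only in `firefox.exe`, and in that Firefox process `WS2_32.dll!connect`, `send` and `closesocket` are overwritten with 5-byte JMPs to addresses that belong to no module: that is where search traffic gets rewritten before it leaves the browser. This combination (hidden driver, hidden service, DLL injection, Winsock hooks in the browser) is consistent with the TDL3/TDSS-style rootkits of that period. Below is an added example, not code from the thread, from GMER or from the helper, that pulls those facts out of a GMER 1.0.15 text report so a responder does not read it line by line. The sample input is a constructed excerpt of the report above; one assumption is baked in: when GMER can resolve a hook target it prints the owning driver after the address (an antivirus's own hooks look like that), so a bare target address is treated as unattributed memory.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER report in the thread above,
# trimmed to one or two representatives per section. Real reports are longer
# but use exactly this layout.
SAMPLE = r"""
---- System - GMER 1.0.15 ----
Code 89839480 ZwEnumerateKey
Code 895B4766 IofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 895B476B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 89831E13
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 5 Bytes JMP 89839484
---- User code sections - GMER 1.0.15 ----
.text G:\Program Files\Mozilla Firefox\firefox.exe[2160] WS2_32.dll!connect 719F4A07 5 Bytes JMP 02EF000A
.text G:\Program Files\Mozilla Firefox\firefox.exe[2160] WS2_32.dll!send 719F4C27 5 Bytes JMP 0354000A
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRToywkrvimps.sys (*** hidden *** ) AE302000-AE31F000 (118784 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [892] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTftpbwtyxpq.dll (*** hidden *** ) @ G:\WINDOWS\explorer.exe [1120] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTorrntrivyy.dll (*** hidden *** ) @ G:\Program Files\Mozilla Firefox\firefox.exe [2160] 0x01350000
---- Services - GMER 1.0.15 ----
Service G:\WINDOWS\system32\drivers\H8SRToywkrvimps.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Files - GMER 1.0.15 ----
File G:\WINDOWS\system32\drivers\H8SRToywkrvimps.sys 40448 bytes executable <-- ROOTKIT !!!
File G:\Documents and Settings\Benjamin\Local Settings\Temp\H8SRT25ad.tmp 51712 bytes executable
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
CODE_RE = re.compile(r"^Code\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\S+)$")
# "<section> <where> <addr> N Bytes JMP <target> [owning module]"; assumption: GMER
# appends the owning driver when it can resolve the target, so None = unattributed.
HOOK_RE = re.compile(r"^(?P<sect>\.?\w+)\s+(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes\s+"
                     r"(?:JMP|CALL)\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<owner>.+))?$")
USER_WHERE_RE = re.compile(r"^(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+)$")
KERNEL_WHERE_RE = re.compile(r"^(?P<mod>[^!\s]+)!(?P<func>\S+)$")
HIDDEN = r"\(\*\*\* hidden \*\*\* \)"
MODULE_RE = re.compile(r"^Module\s+(?P<path>.+?)\s+" + HIDDEN)
LIBRARY_RE = re.compile(r"^Library\s+(?P<lib>.+?)\s+" + HIDDEN + r"\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
SERVICE_RE = re.compile(r"^Service\s+(?P<image>.+?)\s+" + HIDDEN + r"\s+\[\w+\]\s+(?P<name>\S+)")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<exe> executable)?")
# Winsock entry points a search redirector has to sit on to rewrite browser traffic.
NETWORK_APIS = {"connect", "send", "recv", "closesocket", "WSASend", "WSARecv", "getaddrinfo", "gethostbyname"}


def triage(report: str) -> dict:
    """Pull the responder-relevant facts out of a GMER text report, grouped by type."""
    f = {"patched_kernel": [], "kernel_hooks": [], "user_hooks": [], "network_hooked_procs": set(),
         "hidden_modules": [], "injected": defaultdict(set), "hidden_services": [],
         "files": [], "rootkit_marked": [], "hidden_count": 0}
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
            continue
        if "(*** hidden *** )" in line:          # GMER could not see it through the normal API
            f["hidden_count"] += 1
        if "<-- ROOTKIT !!!" in line:            # GMER's own verdict on a service or file
            f["rootkit_marked"].append(line)
        if section == "System" and (m := CODE_RE.match(line)):
            f["patched_kernel"].append((m.group("func"), m.group("addr")))
        elif (m := HOOK_RE.match(line)):
            where, target, owner = m.group("where"), m.group("target"), m.group("owner")
            if (u := USER_WHERE_RE.match(where)):
                f["user_hooks"].append((u.group("proc"), int(u.group("pid")),
                                        u.group("mod") + "!" + u.group("func"), target, owner))
                if u.group("func") in NETWORK_APIS:
                    f["network_hooked_procs"].add(u.group("proc"))
            elif (k := KERNEL_WHERE_RE.match(where)):
                f["kernel_hooks"].append((k.group("func"), m.group("addr"), target, owner))
        elif (m := MODULE_RE.match(line)):
            f["hidden_modules"].append(m.group("path"))
        elif (m := LIBRARY_RE.match(line)):
            proc = m.group("proc").rsplit("\\", 1)[-1]
            f["injected"][m.group("lib")].add(f"{proc}[{m.group('pid')}]")
        elif (m := SERVICE_RE.match(line)):
            f["hidden_services"].append((m.group("name"), m.group("image")))
        elif (m := FILE_RE.match(line)):
            f["files"].append((m.group("path"), int(m.group("size")), bool(m.group("exe"))))
    f["injected"] = dict(f["injected"])
    return f


def verdict(f: dict) -> str:
    """Condense the findings into the one-line call the helper in the thread made."""
    if f["hidden_services"] or f["hidden_modules"] or f["rootkit_marked"]:
        return "rootkit"
    unattributed = [h for h in f["kernel_hooks"] if h[3] is None]
    if unattributed and f["network_hooked_procs"]:
        return "probable rootkit"
    if f["kernel_hooks"] or f["user_hooks"]:
        return "hooks present: confirm they belong to installed security software"
    return "no rootkit indicators"


if __name__ == "__main__":
    found = triage(SAMPLE)
    print("verdict:", verdict(found))
    for func, addr, target, owner in found["kernel_hooks"]:
        print(f"kernel hook {func} @ {addr} -> {target} ({owner or 'unattributed memory'})")
    for proc, pid, api, target, _ in found["user_hooks"]:
        print(f"user hook {api} in {proc}[{pid}] -> {target}")
    for lib, procs in found["injected"].items():
        print(f"hidden DLL {lib} loaded in {', '.join(sorted(procs))}")
```

Run against the full report, the `injected` map is the most useful single view: it shows one DLL spread across every service host and the shell, and a different one reserved for the browser, which is exactly the split between "stay resident and hidden" and "rewrite searches". The `verdict` ladder deliberately treats hooks alone as inconclusive, because avast!-style products patch the same kernel functions; what separates them here is that nothing is named after the jump targets and that the Firefox hooks sit on the socket API.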
    2 January 2010 11:38:48

    I can see the rootkit.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to run it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix

    If ComboFix does not start, rename it to KillRootkit and run it again.
    2 January 2010 12:03:33

    Here is the report:

    ComboFix 10-01-01.02 - Benjamin 02/01/2010 11:51:11.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2402 [GMT 1:00]
    Lancé depuis: g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Mes documents\Téléchargements\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100102-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\LOG157.tmp
    G:\LOG1E.tmp
    G:\LOG1F.tmp
    G:\LOG2.tmp
    G:\LOG2C.tmp
    G:\LOG2F.tmp
    G:\LOG49.tmp
    G:\LOG4A.tmp
    G:\LOG51.tmp
    G:\LOG61.tmp
    g:\recycler\S-1-5-21-1004336348-287218729-1801674531-1004
    g:\windows\system32\H8SRTbaboulhhle.dll
    g:\windows\system32\H8SRTftpbwtyxpq.dll
    g:\windows\system32\H8SRTirrsnkomlt.dat
    g:\windows\system32\H8SRTorrntrivyy.dll
    g:\windows\system32\srcr.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_H8SRTD.SYS
    -------\Service_H8SRTd.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-02 au 2010-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-02 10:45 . 2010-01-02 10:45 -------- d-sh--w- g:\documents and settings\LocalService.AUTORITE NT\IETldCache
    2010-01-02 09:11 . 2010-01-02 09:11 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Yahoo!
    2010-01-02 09:11 . 2010-01-02 09:11 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2010-01-02 09:11 . 2010-01-02 09:11 -------- d-----w- g:\program files\Yahoo!
    2010-01-02 09:11 . 2010-01-02 09:11 -------- d-----w- g:\program files\CCleaner
    2010-01-02 08:57 . 2009-11-24 23:49 48560 ----a-w- g:\windows\system32\drivers\aswTdi.sys
    2010-01-02 08:57 . 2009-11-24 23:48 23120 ----a-w- g:\windows\system32\drivers\aswRdr.sys
    2010-01-02 08:57 . 2009-11-24 23:47 27408 ----a-w- g:\windows\system32\drivers\aavmker4.sys
    2010-01-02 08:57 . 2009-11-24 23:47 97480 ----a-w- g:\windows\system32\AvastSS.scr
    2010-01-02 08:57 . 2009-11-24 23:51 93424 ----a-w- g:\windows\system32\drivers\aswmon.sys
    2010-01-02 08:57 . 2009-11-24 23:50 94160 ----a-w- g:\windows\system32\drivers\aswmon2.sys
    2010-01-02 08:57 . 2009-11-24 23:50 114768 ----a-w- g:\windows\system32\drivers\aswSP.sys
    2010-01-02 08:57 . 2009-11-24 23:50 20560 ----a-w- g:\windows\system32\drivers\aswFsBlk.sys
    2010-01-02 08:57 . 2009-11-24 23:54 1280480 ----a-w- g:\windows\system32\aswBoot.exe
    2010-01-02 08:56 . 2010-01-02 08:56 -------- d-----w- g:\program files\Alwil Software
    2009-12-31 13:18 . 2010-01-02 09:08 876 ----a-w- g:\windows\system32\krl32mainweq.dll
    2009-12-31 12:58 . 2009-12-31 12:58 -------- d-----w- g:\program files\Safari
    2009-12-31 12:58 . 2009-12-31 12:58 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\Apple
    2009-12-31 12:58 . 2009-12-31 12:58 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\Apple
    2009-12-31 12:57 . 2009-12-31 12:57 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\Opera
    2009-12-31 12:57 . 2009-12-31 12:57 -------- d-----w- g:\program files\Opera
    2009-12-30 18:20 . 2009-12-30 18:20 -------- d-sh--w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\PrivacIE
    2009-12-30 16:55 . 2009-12-30 16:55 -------- d-sh--w- g:\documents and settings\NetworkService.AUTORITE NT\IETldCache
    2009-12-30 16:46 . 2009-12-30 16:46 -------- d-sh--w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\IETldCache
    2009-12-30 09:42 . 2009-10-29 07:42 594432 -c----w- g:\windows\system32\dllcache\msfeeds.dll
    2009-12-30 09:42 . 2009-10-29 07:42 55296 -c----w- g:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-30 09:42 . 2009-10-29 07:42 246272 -c----w- g:\windows\system32\dllcache\ieproxy.dll
    2009-12-30 09:42 . 2009-10-29 07:42 1985536 -c----w- g:\windows\system32\dllcache\iertutil.dll
    2009-12-30 09:42 . 2009-10-29 07:42 12800 -c----w- g:\windows\system32\dllcache\xpshims.dll
    2009-12-30 09:42 . 2009-10-29 07:42 11069952 -c----w- g:\windows\system32\dllcache\ieframe.dll
    2009-12-30 09:42 . 2009-10-02 04:44 92160 -c----w- g:\windows\system32\dllcache\iecompat.dll
    2009-12-30 09:20 . 2009-12-30 09:20 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\OpenOffice.org
    2009-12-30 08:51 . 2009-12-30 08:51 411368 ----a-w- g:\windows\system32\deploytk.dll
    2009-12-29 18:39 . 2009-12-30 10:11 -------- d-----w- g:\program files\aMSN
    2009-12-29 09:01 . 2001-08-23 16:04 12288 -c--a-w- g:\windows\system32\dllcache\mouhid.sys
    2009-12-29 09:01 . 2001-08-23 16:04 12288 ----a-w- g:\windows\system32\drivers\mouhid.sys
    2009-12-29 09:01 . 2008-04-13 10:45 10368 -c--a-w- g:\windows\system32\dllcache\hidusb.sys
    2009-12-29 09:01 . 2008-04-13 10:45 10368 ----a-w- g:\windows\system32\drivers\hidusb.sys
    2009-12-29 08:41 . 2009-12-29 08:41 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\.gstreamer-0.10
    2009-12-29 08:40 . 2010-01-02 10:55 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\amsn
    2009-12-29 08:24 . 2009-12-29 08:24 -------- d-----w- g:\program files\Windows Live
    2009-12-27 18:30 . 2009-12-27 18:30 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\WMTools Downloaded Files
    2009-12-25 17:00 . 2010-01-02 10:58 45056 ----a-w- g:\windows\system32\acovcnt.exe
    2009-12-25 12:41 . 2005-07-06 14:43 155648 ----a-w- g:\windows\system32\ACEngSvr.exe
    2009-12-25 12:26 . 2008-06-14 17:33 272768 -c----w- g:\windows\system32\dllcache\bthport.sys
    2009-12-25 12:26 . 2008-06-14 17:33 272768 ------w- g:\windows\system32\drivers\bthport.sys
    2009-12-25 12:25 . 2009-08-04 17:27 2147328 -c----w- g:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-25 12:25 . 2009-08-04 17:28 2068096 -c----w- g:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-25 12:25 . 2009-08-04 17:27 2025984 -c----w- g:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-25 12:24 . 2009-01-07 17:21 26144 ----a-w- g:\windows\system32\spupdsvc.exe
    2009-12-24 09:18 . 2009-12-24 09:18 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\Identities
    2009-12-24 08:58 . 2009-08-06 18:23 274288 ----a-w- g:\windows\system32\mucltui.dll
    2009-12-24 08:58 . 2009-08-06 18:23 215920 ----a-w- g:\windows\system32\muweb.dll
    2009-12-23 21:02 . 2009-12-23 21:02 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Dynamique
    2009-12-23 21:02 . 2009-12-23 21:02 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Sites
    2009-12-23 21:02 . 2009-12-23 21:02 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Classes de site
    2009-12-23 20:24 . 2009-12-31 12:58 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Apple Computer
    2009-12-23 20:22 . 2009-12-23 20:22 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\Apple Computer
    2009-12-23 20:20 . 2009-12-23 20:21 -------- d-----w- g:\program files\QuickTime
    2009-12-23 20:20 . 2009-12-23 20:20 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2009-12-23 19:34 . 2009-12-29 20:00 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\dvdcss
    2009-12-23 19:32 . 2010-01-02 08:54 -------- d-----w- G:\$AVG
    2009-12-23 19:31 . 2009-12-31 13:18 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\vlc
    2009-12-23 19:31 . 2009-12-23 19:31 -------- d-----w- g:\program files\AVG
    2009-12-23 19:31 . 2010-01-02 08:55 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\avg9
    2009-12-23 19:28 . 2009-12-23 19:28 -------- d-----w- g:\program files\VideoLAN
    2009-12-23 18:49 . 2009-12-23 18:49 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\ALM
    2009-12-23 17:50 . 2009-12-23 17:50 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\AskToolbar
    2009-12-23 16:33 . 2009-12-23 16:33 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
    2009-12-23 16:22 . 2008-04-07 04:38 22872 ----a-r- g:\windows\system32\AdobePDFUI.dll
    2009-12-23 16:22 . 2008-04-07 04:38 45392 ----a-r- g:\windows\system32\AdobePDF.dll
    2009-12-23 15:05 . 2010-01-02 10:57 -------- d-----w- g:\program files\Fichiers communs\Akamai
    2009-12-23 14:44 . 2009-12-23 15:00 -------- d-----w- g:\windows\SxsCaPendDel
    2009-12-23 14:36 . 2009-12-23 14:36 -------- d-----w- g:\program files\Windows Installer Clean Up
    2009-12-23 14:36 . 2009-12-23 14:36 -------- d-----w- g:\program files\MSECACHE
    2009-12-23 14:31 . 2009-12-23 14:31 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-12-23 14:31 . 2009-12-23 14:31 -------- d-----w- g:\program files\AdobeSupportAdvisor
    2009-12-23 14:31 . 2009-12-23 14:31 -------- d-----w- g:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Adobe
    2009-12-23 14:29 . 2009-12-30 09:15 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\Adobe
    2009-12-23 14:29 . 2009-12-23 14:29 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\McAfee
    2009-12-23 14:19 . 2009-12-23 14:20 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\GigaTribe
    2009-12-23 14:09 . 2009-12-23 14:09 -------- d-----w- g:\program files\McAfee Security Scan
    2009-12-23 14:09 . 2009-12-23 14:09 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\McAfee Security Scan
    2009-12-23 14:09 . 2009-12-30 08:38 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\NOS
    2009-12-23 14:05 . 2009-12-23 14:05 0 ----a-w- g:\windows\ativpsrm.bin
    2009-12-23 13:53 . 2009-12-30 16:47 -------- d-----w- g:\program files\ATI
    2009-12-23 13:53 . 2009-12-23 13:53 -------- d-----w- g:\program files\ATI Technologies
    2009-12-23 13:52 . 2008-10-24 11:21 455296 -c----w- g:\windows\system32\dllcache\mrxsmb.sys
    2009-12-23 13:46 . 2009-12-23 13:46 -------- d-----w- G:\ATI
    2009-12-23 13:42 . 2009-12-23 21:08 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\Thunderbird
    2009-12-23 13:42 . 2009-12-23 21:08 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Thunderbird
    2009-12-23 13:42 . 2009-12-31 14:39 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\FileZilla
    2009-12-23 13:39 . 2009-02-13 17:00 1503840 ----a-w- g:\windows\system32\drivers\athw.sys
    2009-12-23 13:39 . 2009-02-13 17:00 1503840 ----a-w- g:\windows\system32\athw.sys
    2009-12-23 13:39 . 2009-12-23 13:39 -------- d-----w- g:\documents and settings\All Users.WINDOWS\Application Data\Atheros
    2009-12-23 13:39 . 2009-12-23 13:39 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\InstallShield
    2009-12-23 13:38 . 2008-04-13 11:39 5504 ----a-w- g:\windows\system32\drivers\MSTEE.sys
    2009-12-23 13:38 . 2008-04-13 11:46 11136 ----a-w- g:\windows\system32\drivers\SLIP.sys
    2009-12-23 13:38 . 2008-04-13 11:46 10880 ----a-w- g:\windows\system32\drivers\NdisIP.sys
    2009-12-23 13:38 . 2008-04-13 11:46 17024 ----a-w- g:\windows\system32\drivers\CCDECODE.sys
    2009-12-23 13:38 . 2008-04-13 11:46 19200 ----a-w- g:\windows\system32\drivers\WSTCODEC.SYS
    2009-12-23 13:38 . 2008-04-13 11:39 7552 ----a-w- g:\windows\system32\drivers\MSKSSRV.sys
    2009-12-23 13:38 . 2008-04-13 11:46 85248 ----a-w- g:\windows\system32\drivers\NABTSFEC.sys
    2009-12-23 13:38 . 2008-04-13 11:39 5376 ----a-w- g:\windows\system32\drivers\MSPCLOCK.sys
    2009-12-23 13:38 . 2008-04-13 11:39 4992 ----a-w- g:\windows\system32\drivers\MSPQM.sys
    2009-12-23 13:38 . 2008-04-13 11:46 15232 ----a-w- g:\windows\system32\drivers\StreamIP.sys
    2009-12-23 13:37 . 2001-08-17 21:59 3072 ----a-w- g:\windows\system32\drivers\audstub.sys
    2009-12-23 13:37 . 2008-04-13 19:33 54784 ----a-w- g:\windows\system32\vfwwdm32.dll
    2009-12-23 13:37 . 2008-04-13 18:33 4096 -c--a-w- g:\windows\system32\dllcache\ksuser.dll
    2009-12-23 13:37 . 2008-04-13 18:33 4096 ----a-w- g:\windows\system32\ksuser.dll
    2009-12-23 13:37 . 2008-04-13 11:46 121984 ----a-w- g:\windows\system32\drivers\usbvideo.sys
    2009-12-23 13:37 . 2008-04-13 18:57 58752 ----a-w- g:\windows\system32\drivers\redbook.sys
    2009-12-23 13:36 . 2008-04-13 19:33 77312 ----a-w- g:\windows\system32\usbui.dll
    2009-12-23 13:36 . 2008-04-13 11:36 10240 ----a-w- g:\windows\system32\drivers\compbatt.sys
    2009-12-23 13:36 . 2008-04-13 11:36 13952 ----a-w- g:\windows\system32\drivers\CmBatt.sys
    2009-12-23 13:36 . 2008-04-13 11:36 14208 ----a-w- g:\windows\system32\drivers\battc.sys
    2009-12-23 13:32 . 2008-04-14 12:00 9936 ----a-w- g:\windows\system\LZEXPAND.DLL
    2009-12-23 13:31 . 2010-01-02 10:47 -------- d--h--w- g:\documents and settings\Default User.WINDOWS
    2009-12-23 13:31 . 2009-12-23 12:46 -------- d-----w- g:\documents and settings\All Users.WINDOWS
    2009-12-23 13:31 . 2009-12-23 13:31 9472 ----a-w- g:\windows\system32\drivers\sisperf.sys
    2009-12-23 13:31 . 2009-12-23 13:31 49024 ----a-w- g:\windows\system32\drivers\sisidex.sys
    2009-12-23 13:31 . 2009-12-23 13:31 139264 ----a-w- g:\windows\system32\IDEproperty.dll
    2009-12-23 13:31 . 1998-01-23 11:20 305664 ----a-w- g:\windows\IsUn040c.exe
    2009-12-23 13:31 . 2009-12-23 13:31 -------- d-----w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\WINDOWS
    2009-12-23 13:27 . 2009-12-23 13:27 0 ----a-w- g:\windows\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-02 09:28 . 2009-04-08 09:47 -------- d-----w- g:\program files\Mozilla Thunderbird
    2009-12-31 12:58 . 2009-03-18 20:50 -------- d-----w- g:\program files\Fichiers communs\Apple
    2009-12-31 12:58 . 2009-03-18 20:50 -------- d-----w- g:\program files\Apple Software Update
    2009-12-30 09:20 . 2009-12-30 09:20 1 ----a-w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-12-30 08:51 . 2009-02-28 18:05 -------- d-----w- g:\program files\JRE
    2009-12-30 08:51 . 2009-02-28 18:05 -------- d-----w- g:\program files\OpenOffice.org 3
    2009-12-29 16:47 . 2009-12-29 16:47 1924200 ----a-w- g:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2009-12-27 17:39 . 2008-04-14 12:00 49054 ----a-w- g:\windows\system32\perfc00C.dat
    2009-12-27 17:39 . 2008-04-14 12:00 368314 ----a-w- g:\windows\system32\perfh00C.dat
    2009-12-24 13:42 . 2009-12-23 12:46 76507 ----a-w- g:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-12-23 20:54 . 2009-02-28 14:38 -------- d-----w- g:\program files\Fichiers communs\Adobe
    2009-12-23 18:17 . 2009-12-23 14:31 38784 ----a-w- g:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-12-23 14:31 . 2009-12-23 14:31 38784 ----a-w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-12-23 14:31 . 2009-12-23 14:31 1956072 ----a-w- g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-12-23 14:12 . 2009-12-23 14:12 319488 ----a-w- g:\windows\HideWin.exe
    2009-12-23 14:01 . 2009-02-28 12:12 -------- d--h--w- g:\program files\InstallShield Installation Information
    2009-12-23 14:01 . 2009-02-28 13:15 -------- d-----w- g:\program files\Realtek
    2009-12-23 13:31 . 2003-03-25 16:50 4096 ----a-w- g:\windows\system32\drivers\siside.sys
    2009-12-23 13:30 . 2008-03-03 19:00 43392 ----a-w- g:\windows\system32\drivers\SiSGbeXP.sys
    2009-12-23 13:27 . 2009-02-28 13:32 -------- d-----w- g:\program files\ma-config.com
    2009-12-23 13:24 . 2006-12-17 22:11 7680 ----a-w- g:\windows\system32\drivers\ATKACPI.sys
    2009-12-23 12:44 . 2009-12-23 12:44 21892 ----a-w- g:\windows\system32\emptyregdb.dat
    2009-12-21 06:43 . 2009-11-05 22:13 -------- d-----w- g:\program files\Mozilla Sunbird
    2009-11-11 14:11 . 2009-12-23 14:01 181792 ----a-w- g:\windows\system32\drivers\RtsUStor.sys
    2009-11-11 14:11 . 2009-12-23 14:01 7367200 ----a-w- g:\windows\system32\RTSUSTORicon.dll
    2009-11-11 14:11 . 2009-12-23 14:01 313888 ----a-w- g:\windows\system32\RtsUStor.dll
    2009-11-05 20:16 . 2009-11-05 20:16 73728 ----a-w- g:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-10-29 07:42 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2008-04-14 12:00 75776 ----a-w- g:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2008-04-14 12:00 25088 ----a-w- g:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- g:\windows\system32\drivers\http.sys
    2009-10-13 10:33 . 2008-04-14 12:00 271360 ----a-w- g:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2008-04-14 12:00 79872 ----a-w- g:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2008-04-14 12:00 150528 ----a-w- g:\windows\system32\rastls.dll
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="g:\windows\system32\dumprep 0 -u" [X]
    "RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
    "Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="g:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "ATKMEDIA"="g:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-24 159744]
    "ATKOSD2"="g:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
    "ACMON"="g:\program files\ASUS\Splendid\ACMON.exe" [2008-01-15 851968]
    "SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
    "avast!"="g:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.1.lnk - g:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    g:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
    McAfee Security Scan.lnk - g:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "g:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "g:\\Program Files\\aMSN\\bin\\wish.exe"=
    "g:\\Program Files\\Opera\\opera.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

    R1 aswSP;avast! Self Protection;g:\windows\system32\drivers\aswSP.sys [02/01/2010 09:57 114768]
    R2 Akamai;Akamai NetSession Interface;g:\windows\System32\svchost.exe -k Akamai [14/04/2008 13:00 14336]
    R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [02/01/2010 09:57 20560]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;g:\windows\system32\drivers\RtsUStor.sys [23/12/2009 15:01 181792]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;g:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
    S3 maconfservice;Ma-Config Service;g:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-31 g:\windows\Tasks\AppleSoftwareUpdate.job
    - g:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Append Link Target to Existing PDF - g:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - g:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - g:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert Link Target to Adobe PDF - g:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    FF - ProfilePath - g:\documents and settings\Benjamin.GRAPPIN-8125FA6\Application Data\Mozilla\Firefox\Profiles\rbsg3kio.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
    FF - plugin: g:\program files\ma-config.com\nphardwaredetection.dll
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-02 11:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="G:/Program Files/Fichiers communs/Akamai/rswin_3629.dll"

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(732)
    g:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(4832)
    g:\windows\system32\eappprxy.dll
    g:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    g:\windows\system32\Ati2evxx.exe
    g:\windows\system32\Ati2evxx.exe
    g:\program files\Alwil Software\Avast4\aswUpdSv.exe
    g:\program files\ATKGFNEX\GFNEXSrv.exe
    g:\program files\Alwil Software\Avast4\ashServ.exe
    g:\program files\Java\jre6\bin\jqs.exe
    g:\program files\Alwil Software\Avast4\ashMaiSv.exe
    g:\program files\Alwil Software\Avast4\ashWebSv.exe
    g:\windows\system32\wbem\wmiapsrv.exe
    g:\windows\RTHDCPL.EXE
    g:\windows\system32\ACEngSvr.exe
    g:\program files\OpenOffice.org 3\program\soffice.exe
    g:\program files\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2010-01-02 12:02:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-02 11:02

    Pre-Run: 44 638 646 272 bytes free
    Post-Run: 44 563 931 136 bytes free

    - - End Of File - - D42948CAEE2B3B0ECE71207716AF71BE
    2 January 2010 12:08:11

  • Start Menu > Run > type ComboFix /uninstall and press Enter.

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect from the internet and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • At the main menu, choose option L.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus but a utility used to terminate processes.
    2 January 2010 12:13:26

    There you go :D

    .
    ======= AD-REMOVER 1.1.4.6_F REPORT | XP/VISTA/7 ONLY =======
    .
    Updated by C_XX on 26.12.2009 at 20:47
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Started at: 12:10:07, 02/01/2010 | Normal Mode | Option: CLEAN
    Run from: G:\Program Files\Ad-Remover\
    Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    PC name: GRAPPIN-8125FA6 | Current user: Benjamin

    Happy holidays to you all :)
    .
    ============== NEUTRALIZED ITEM(S) ==============
    .

    G:\DOCUME~1\BENJAM~1.GRA\APPLIC~1\Mozilla\FireFox\Profiles\rbsg3kio.default\searchplugins\askcom.xml
    G:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    G:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
    G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Local Settings\Application Data\AskToolbar

    (!) -- Temporary files deleted.

    .
    HKCU\software\appdatalow\AskBarDis
    HKCU\software\appdatalow\AskHomepage
    HKCU\software\appdatalow\AskToolbarInfo
    HKCU\software\Ask.com
    HKCU\software\AskToolbar
    HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\software\classes\appid\GenericAskToolbar.DLL
    HKLM\software\classes\GenericAskToolbar.ToolbarWnd
    HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
    HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    .
    ============== Additional scan ==============
    .
    .
    * Mozilla FireFox Version 3.5.6 [fr] *
    .
    Profile name: rbsg3kio.default (Benjamin)
    .
    (BENJAM~1.GRA, prefs.js) Browser.download.lastDir, G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Bureau\Interface
    (BENJAM~1.GRA, prefs.js) Browser.search.defaultenginename, Ask.com
    (BENJAM~1.GRA, prefs.js) Browser.search.selectedEngine, Google
    (BENJAM~1.GRA, prefs.js) Browser.startup.homepage, hxxp://google.fr
    (BENJAM~1.GRA, prefs.js) Extensions.enabledItems, firebug@software.joehewitt.com:1.4.5,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
    (BENJAM~1.GRA, prefs.js) Keyword.URL, hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
    .
    (BENJAM~1.GRA, prefs.js) DELETED - Browser.search.defaultengine, Ask.com
    (BENJAM~1.GRA, prefs.js) DELETED - Browser.search.defaultenginename, Ask.com
    (BENJAM~1.GRA, prefs.js) DELETED - Browser.search.order.1, Ask.com
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.cbid, UG
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.default-channel-url-mask, hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.fresh-install, false
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.l, dis
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.last-config-req, 1261587432796
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.locale, fr_FR
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.o, 15158
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.options-lang, fr
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.options-locale, UK
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.overlay-reloaded-using-restart, true
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.qsrc, 2871
    (BENJAM~1.GRA, prefs.js) DELETED - Extensions.asktb.r, 5
    (BENJAM~1.GRA, prefs.js) DELETED - Keyword.URL, hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: G:\WINDOWS\system32\blank.htm
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Enable Browser Extensions: yes
    Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
    Start Page Redirect Cache_TIMESTAMP: 4a55899f188aca01
    Start Page Redirect Cache AcceptLangs: fr
    Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: G:\WINDOWS\system32\blank.htm
    Start Page: hxxp://fr.msn.com/
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials, ...) ==============
    .
    G:\Documents and Settings\Benjamin.GRAPPIN-8125FA6\Bureau\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe
    .
    ===================================
    .
    7849 Byte(s) - G:\Ad-Report-CLEAN[1].log
    .
    0 File(s) - G:\DOCUME~1\BENJAM~1.GRA\LOCALS~1\Temp
    4 File(s) - G:\WINDOWS\Temp
    0 File(s) - G:\WINDOWS\Prefetch
    .
    17 File(s) - G:\Program Files\Ad-Remover\BACKUP
    6 File(s) - G:\Program Files\Ad-Remover\QUARANTINE
    .
    Finished at: 12:12:31 | 02/01/2010 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
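The Ad-Remover report above shows the mechanism behind the redirects: Firefox 3.x sent anything typed into the address bar that was not a URL to the address in the keyword.URL pref, and the Ask toolbar had pointed that pref at supertoolbar.ask.com while leaving browser.search.selectedEngine on Google, so the search box looked untouched while address-bar searches went through Ask. The script below is an added illustration, not part of this thread and not Ad-Remover's code: it parses a prefs.js and flags the same kind of entries Ad-Remover deleted. The sample prefs.js is constructed from the values in the report; the trusted-host list, the expected engine name "Google" and the asktb prefix are assumptions you would set for the machine in front of you.

```python
"""Triage a Firefox prefs.js for search/keyword hijacks (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample modelled on the prefs listed in the Ad-Remover report.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://google.fr");
user_pref("keyword.URL", "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=fr_FR&q=");
user_pref("extensions.asktb.default-channel-url-mask", "http://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.last-config-req", 1261587432796);
user_pref("browser.download.lastDir", "G:\\Documents and Settings\\Benjamin\\Bureau");
'''

# One user_pref("name", value); per line is the whole prefs.js grammar.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Prefs holding a URL that a typed search or the startup page is sent to.
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}
# Prefs naming the search engine; a toolbar rewrites these to itself.
ENGINE_PREFS = {
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
}
# Assumptions: the hosts and engine this user actually chose.
TRUSTED_HOSTS = {"google.fr", "www.google.fr", "google.com", "www.google.com"}
EXPECTED_ENGINE = "Google"
# Pref prefixes left behind by toolbars (only the one seen in this thread).
TOOLBAR_PREFIXES = ("extensions.asktb.",)


def parse_prefs(text):
    """Return {name: value} from prefs.js text; strings, bools and ints are typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref()
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            # Undo the JS-style escaping prefs.js uses for quotes and backslashes.
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything unexpected as the raw token
        prefs[name] = value
    return prefs


def find_hijacks(prefs, trusted_hosts=TRUSTED_HOSTS, expected_engine=EXPECTED_ENGINE):
    """Return (pref, reason) pairs for prefs that route searches somewhere unexpected."""
    findings = []
    for name, value in sorted(prefs.items()):
        if name.startswith(TOOLBAR_PREFIXES):
            findings.append((name, "leftover toolbar pref"))
        elif name in URL_PREFS:
            host = (urlparse(str(value)).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append((name, f"sends traffic to untrusted host {host!r}"))
        elif name in ENGINE_PREFS and value != expected_engine:
            findings.append((name, f"engine is {value!r}, expected {expected_engine!r}"))
    return findings


if __name__ == "__main__":
    for pref, reason in find_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref}: {reason}")
```

Run it against the profile's prefs.js (the path ComboFix printed as FF - ProfilePath) with Firefox closed, since Firefox rewrites the file on exit. The check on keyword.URL is the one that matters for this thread: a clean-looking selectedEngine is not evidence that address-bar searches are clean.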
    2 January 2010 12:41:49

  • Uninstall Ad-Remover.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message appears:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy in the quarantine.
  • MBAM will open Notepad and paste the scan report into it. Copy and paste that report into your next reply.