Votre question

[Résolu] - Infection par Vundo-Virtumonde

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
14 Janvier 2009 13:08:58

Bonjour !
Youpi, malgré toutes les protections que j'installe sur mon pc et les efforts que je fais pour éviter une infection y'en a un qu'es passé ><
Je ne connais pas son nom; après un scan Avast et Spybot S&D ... Rien ... Pourtant j'en suis sur il est la.

Les premiers symptômes : Ralentissements, ouverture de pages web automatique, création de plusieurs fichiers dans le system 32, attaque vers mon "System Startup global entry" allias (registre windows)...

Le site officiel de HijackThis me présente des infections possibles. Je post ici mon log.

Merci beaucoup de l'aide que vous m'apporterez =D

Edit : Je suis tombé sur Virtumonde -.- NOOOONNNN pas lui !!! ... (Trouvé par Spybot S&D)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:13, on 14/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\freeWin-Master\freeWin-Master.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S486.tmp" /EF "HKCU"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpld...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7179 bytes







Edit2 : Voici le rapport HijackThis après un coup de VundoFix (n'a rien trouvé), un coup de ComboFix (je post son rapport plus bas) et quelques coups de pioches (oups).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:38, on 14/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S486.tmp" /EF "HKCU"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpld...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6434 bytes


Et comme promis le rapport ComboFix :

ComboFix 09-01-13.04 - perso 2009-01-14 16:57:37.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2046.1684 [GMT 4:00]
Lancé depuis: c:\users\perso\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090113-1] *On-access scanning disabled* (Outdated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cbxyxvWM.dll
c:\windows\system32\wDMUwyxx.ini
c:\windows\system32\wDMUwyxx.ini2
J:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-14 au 2009-01-14 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 11:25 --------- d-----w c:\users\perso\AppData\Roaming\BitTorrent
2009-01-13 18:47 --------- d-----w c:\program files\Warcraft III
2009-01-13 08:27 --------- d-----w c:\users\perso\AppData\Roaming\Download Manager
2009-01-11 14:56 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-09 14:50 --------- d-----w c:\program files\A - Téléchargements
2009-01-09 14:21 --------- d-----w c:\users\perso\AppData\Roaming\Audacity
2009-01-08 16:34 --------- d-----w c:\programdata\Apple Computer
2009-01-08 16:34 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-08 16:34 --------- d-----w c:\program files\iTunes
2009-01-08 16:34 --------- d-----w c:\program files\iPod
2009-01-08 16:34 --------- d-----w c:\program files\Common Files\Apple
2009-01-08 16:32 --------- d-----w c:\program files\QuickTime
2009-01-07 17:52 --------- d-----w c:\programdata\2DBoy
2009-01-07 17:52 --------- d-----w c:\program files\WorldOfGoo
2009-01-07 16:24 --------- d-----w c:\program files\StarCraft
2009-01-06 16:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-06 15:02 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-06 14:02 --------- d---a-w c:\programdata\TEMP
2009-01-06 13:41 --------- d-----w c:\program files\vixy.net
2009-01-05 15:21 --------- d-----w c:\users\perso\AppData\Roaming\dvdcss
2009-01-05 04:47 --------- d-----w c:\program files\Garena
2009-01-05 04:41 --------- d-----w c:\programdata\NVIDIA
2009-01-05 03:38 --------- d-----w c:\program files\PS3ThemeCreator
2009-01-05 03:37 --------- d-----w c:\programdata\InstallShield
2009-01-05 03:37 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 19:26 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-04 19:25 --------- d-----w c:\users\perso\AppData\Roaming\SystemRequirementsLab
2009-01-04 18:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-04 11:49 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-27 10:26 --------- d-----w c:\program files\Railroad Tycoon 3
2008-12-27 10:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 10:09 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2008-12-27 06:21 --------- d-----w c:\program files\MPS
2008-12-26 15:19 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-26 15:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2008-12-26 07:26 22,368 ----a-w c:\windows\system32\drivers\ggsemc.sys
2008-12-26 07:26 10,976 ----a-w c:\windows\system32\drivers\ggflt.sys
2008-12-26 07:26 1,107,296 ----a-w c:\windows\System32\WdfCoInstaller01007.dll
2008-12-25 15:19 25,600 ----a-w c:\windows\System32\DUALSHOCK3FF.dll
2008-12-18 16:12 --------- d-----w c:\program files\Windows Live
2008-12-18 16:08 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 16:08 --------- d-----w c:\program files\Microsoft
2008-12-18 15:35 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-17 11:04 --------- d-----w c:\program files\Lavalys
2008-12-16 14:35 --------- d-----w c:\users\perso\AppData\Roaming\Comodo
2008-12-14 13:08 --------- d-----w c:\program files\Trend Micro
2008-12-13 14:08 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-13 10:38 --------- d-----w c:\program files\Microsoft Games
2008-12-13 10:33 --------- d-----w c:\programdata\eMule
2008-12-13 10:31 --------- d-----w c:\program files\Steam
2008-12-13 10:31 --------- d-----w c:\program files\Common Files\Steam
2008-12-13 10:27 --------- d-----w c:\programdata\Symantec
2008-12-13 10:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-12 18:12 174 --sha-w c:\program files\desktop.ini
2008-12-12 18:00 --------- d-----w c:\program files\Windows Mail
2008-12-12 17:12 --------- d-----w c:\programdata\Microsoft Help
2008-12-12 14:37 --------- d-----w c:\program files\Common Files\Microsoft Games
2008-12-09 15:43 --------- d-----w c:\programdata\WLInstaller
2008-12-07 14:00 --------- d-----w c:\program files\Audiosurf
2008-12-04 20:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 18:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-28 16:28 --------- d-----w c:\programdata\NCH Software
2008-11-28 15:21 --------- d-----w c:\users\perso\AppData\Roaming\Eltima Software
2008-11-28 15:21 --------- d-----w c:\program files\SWF
2008-11-28 15:21 --------- d-----w c:\program files\Common Files\Eltima Shared
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-25 12:10 --------- d-----w c:\program files\Opera
2008-11-24 16:28 --------- d-----w c:\program files\Portal
2008-11-22 09:48 11,392 ----a-w c:\windows\system32\drivers\dualshock3.sys
2008-11-20 13:48 --------- d-----w c:\users\perso\AppData\Roaming\Media Player Classic
2008-11-20 13:48 --------- d-----w c:\program files\Media Player Classic
2008-11-16 12:29 --------- d-----w c:\program files\Tcl
2008-11-16 12:03 --------- d-----w c:\program files\Common Files\Adobe
2008-11-15 13:53 --------- d-----w c:\program files\Bonjour
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 23:31 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 10:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 09:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Capture Text.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Capture Text.lnk
backup=c:\windows\pss\Capture Text.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollaborationHost]
--a------ 2006-11-02 16:35 191488 c:\windows\System32\p2phost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 16:35 125440 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series (Copie 1)]
--a------ 2007-04-12 15:00 182272 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-27 22:11 133104 c:\users\perso\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
--a------ 2007-12-13 17:57 2095640 c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
--a------ 2007-12-13 17:59 346648 c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-12-02 22:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-02-26 22:46 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13584928 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 92704 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-09 16:45 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2005-10-11 20:54 339968 c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 19:43 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-09-13 17:58 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2006-11-02 13:45 215552 c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 16:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-10-01 11:53 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3998DBCC-4103-45EB-BCA5-E6EE4EE068DB}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{63E805E3-168F-47B3-9441-9DB40B8005F2}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{DF0CF175-9595-4D13-9391-CA509921A3A6}"= Disabled:UDP:c:\program files\Giganology\Gigaget\Gigaget.exe:Gigaget
"{A739D274-28CF-4FE1-9733-53E4E58C8DB8}"= Disabled:TCP:c:\program files\Giganology\Gigaget\Gigaget.exe:Gigaget
"{3955F2F6-8C77-460F-8BD9-E59083DE6FF6}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B9B25D2B-9912-4463-9FDC-9D92A4AF470E}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{1AB221E4-F2DA-409F-9AEE-54F8D2EB772D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C09D68A8-EA98-434C-9F9B-A77C2D523108}"= UDP:990:LocalSubnet:LocalSubnet|IF={C0548FB4-39A6-41C7-A5D9-43B6249DC5EA}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7416ACFF-2C80-4403-A5ED-054B64634011}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{C8B5B9B1-7AD0-4906-BE31-6F5C0D159BB9}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4C52EC14-64E9-45F1-9003-FCEBBBFE9502}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{66147EA4-2553-4CDD-B32B-031BC3EDFD44}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5C465A8F-4A2C-4453-8F12-D9FC28D62FCB}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{0627F063-57DD-4927-B9CD-669ECBA7D51E}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{1993511D-0FCD-45C9-979A-1FB0D0BC7B69}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{3A70A994-D69C-4FCC-84E1-4C1696639CF9}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A3BCC194-8EFD-4850-BB70-5B60C788030B}c:\\users\\perso\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-frfr-downloader.exe"= UDP:c:\users\perso\downloads\wow-2.4.3.8568-to-3.0.2.8916-frfr-downloader.exe:wow-2.4.3.8568-to-3.0.2.8916-frfr-downloader.exe
"UDP Query User{26C16681-D037-45CE-98B8-39FCABDF9605}c:\\users\\perso\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-frfr-downloader.exe"= TCP:c:\users\perso\downloads\wow-2.4.3.8568-to-3.0.2.8916-frfr-downloader.exe:wow-2.4.3.8568-to-3.0.2.8916-frfr-downloader.exe
"TCP Query User{2198F1D0-C8DD-4BBB-9668-ABBB051C55D5}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{AC83F580-EDE3-4366-932A-B2A9113E3E02}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{BFC7488E-6A6A-46FA-8F2B-F9A0C48EF529}"= TCP:6112:WARIII
"{3CA049DB-323A-48C3-BA9D-2F0B75817C5F}"= UDP:6112:WarIII2
"TCP Query User{5FF3569C-F1A3-45E6-AF4F-436500AC65BA}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{63555BF7-EF5E-4F49-A3F5-1C40B53B294B}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{2F3B7E90-0E4C-4CAD-ACCD-043E9C7D8A61}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{9528F6DA-325A-4446-B0FB-AAC74154B1F4}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"{B0940CFF-3B8A-4542-8765-252C0150994D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{5FB9BDA7-BDF5-4D69-9076-0792150BA5F7}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6A131BD4-246A-4C3C-A70E-2764D51AD51E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{42F55F05-DD00-4F68-BC27-2D29B0BFB82E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{19C5D9E7-71F7-4AC6-AD51-8C252CF37BCB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{EED9D89D-CBC0-4FB8-B26C-6D3A343DB45B}"= UDP:c:\program files\vixy.net\vixy.exe:vixy converter beta
"{593BC826-41E1-4398-8B7A-123F3CABC01D}"= TCP:c:\program files\vixy.net\vixy.exe:vixy converter beta
"TCP Query User{07D39848-C385-47ED-9FE9-593A30BEB946}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{648FC690-6828-4582-AE00-9ACB2E9E6863}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{3FEFD7CF-184F-4D5E-B8BC-3DBB85D37661}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{20ACC94B-8517-49A7-95DF-36482F08AF25}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"{BE64AB98-5C2D-42F6-8BAF-B58D7BF9D71C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0C147C27-548B-4ADC-A18A-04E31465DF91}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-26 10976]
R3 pohci13F;pohci13F; [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2007-09-19 28672]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b10714fd-d6e5-11dc-8688-0016e697623e}]
\shell\AutoRun\command - explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7da9ac3-d0e7-11dc-b218-0016e697623e}]
\shell\AutoRun\command - K:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4123304905-3494080633-295671343-1000.job
- c:\users\perso\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-27 22:11]

2009-01-14 c:\windows\Tasks\User_Feed_Synchronization-{A1CF7B1E-F2C1-457D-90C9-2C61FA2CE8A1}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 13:45]

2009-01-14 c:\windows\Tasks\User_Feed_Synchronization-{B9444DCB-6C9F-4315-9953-A6289CE60DF9}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 13:45]

2009-01-14 c:\windows\Tasks\xswgvqbd.job
- c:\windows\system32\rundll32.exe [2006-11-02 13:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-WB - c:\program files\AlienGUIse\fastload.dll
MSConfigStartUp-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
MSConfigStartUp-MSServer - c:\windows\system32\cbxyxvWM.dll
MSConfigStartUp-USBFW - c:\program files\Net Studio\USB FireWall\USB FireWall.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\wj8wg3y8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\perso\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
.
------- Associations de fichier -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 17:03:23
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2009-01-14 17:07:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-14 13:07:38

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 90,171,195,392 octets libres

315 --- E O F --- 2009-01-13 08:30:07


Je passe un coup de Spybot S&D et je reviens avec un rapport HijackThis si je trouve quelque chose.

Autres pages sur : resolu infection vundo virtumonde

a b 8 Sécurité
14 Janvier 2009 17:21:20

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    15 Janvier 2009 08:33:03

    Re-bonjour. Merci beaucoup de ton aide Angeldark =D.

    Voici le rapport Mbam :


    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1654
    Windows 6.0.6000

    15/01/2009 11:22:24
    mbam-log-2009-01-15 (11-22-24).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 226621
    Temps écoulé: 48 minute(s), 18 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\$Recycle.Bin\S-1-5-21-4123304905-3494080633-295671343-1000\$R958CLD\Quarantine\C\Windows\System32\cbxyxvWM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\ayplsqzk.cns (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\ltwevyku.vbo (Trojan.Vundo) -> Quarantined and deleted successfully.


    Et un petit Rapport HijackThis pour la route ;D

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:40, on 15/01/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16764)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S486.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Users\perso\AppData\Local\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpld...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: wbsys.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

    --
    End of file - 6874 bytes



    Clean ? Or not clean ?
    Contenus similaires
    15 Janvier 2009 18:24:36

    Ok merci encore, sa va me prendre un petit bout de temps. Bonne soirée, je repost demain.

    Merci beaucoup de nouveau. =D
    a b 8 Sécurité
    15 Janvier 2009 19:07:32

    De rien ;) 
    15 Janvier 2009 19:23:31

    Ah, j'oubliais : Tu aurais un Pare-feu sûr a me recommander ? (je ne fais pas confiance à la plupart de ceux qu'on trouve sur le net. Genre COMMODO si tu vois ce que je veux dire)

    PS ; on peut te tutoyer ? =)
    a b 8 Sécurité
    16 Janvier 2009 18:02:13

    Bah vi qu'on peut me tutoyer :D 
    Kerio est un bon firewall.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS