
Virus that changes the wallpaper

16 September 2008 20:38:09

Hello everyone.
First of all, thank you for the time you devote to noobs like me.
On top of the win32 I can't get rid of on my 2 PCs, now my main PC is affected.
Let me explain.
My wallpaper changed and was replaced by: Warning spyware detected on your computer. A red and white background. Then below it says: warning win32/adware.virtumonde detected on your computer

The desktop icon disappeared when I right-click. Following the forum's instructions, I managed to restore the desktop and change the wallpaper. But every time I reboot, the screen changes again. The name of the wallpaper is:

1hc5a9j0e91e

I can't find it on the PC.

After one to two hours, the PC shows a blue screen and I can no longer use it.
What should I do?

I should say that I'm bad with computers, but I will make an effort. I'd add that I'm not the kind to ask without giving back, and if one day I can return the favour in whatever field, I'll gladly do so.
If someone manages to cure my ailing PCs, I promise to send them apricot nonnettes ^^


16 September 2008 21:52:49

My main PC won't boot anymore :(
In the meantime, I suggest you help me with my secondary PC, here is its report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:48, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qpd259z] C:\WINDOWS\system32\qpd259z.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6378 bytes
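As an added triage example (not from this thread, and not a HijackThis feature), the checks a helper applies by eye to the log above, run as a script over nine lines copied from that log: an unnamed BHO, an orphaned BHO, an autorun value with a generated name, a Winlogon Notify DLL and a Trusted Zone entry. The random-name heuristics are assumptions of this example, not HijackThis rules.

```python
import re
from pathlib import PureWindowsPath

# Nine lines copied from the HijackThis log posted above (not constructed).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qpd259z] C:\WINDOWS\system32\qpd259z.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)")
EXE_RE = re.compile(r'"?(?P<path>.+?\.(?:exe|scr|dll|com))', re.I)

# Assumed heuristics, not HijackThis rules: the generated names in this thread
# (qpd259z, ncczpxva, dbmsrpcng) are all lowercase and either mix letters with
# digits or open with a long run of consonants. Mixed-case names are treated
# as human-chosen and are never flagged.
MIXED_ALNUM = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{6,}$")
CONSONANT_RUN = re.compile(r"^[b-df-hj-np-tv-xz]{6,}")


def looks_random(name_or_path: str) -> bool:
    """True when a value name or a file's base name looks machine-generated."""
    stem = PureWindowsPath(name_or_path).stem  # strips directory and extension
    if not stem.islower():
        return False
    return bool(MIXED_ALNUM.match(stem) or CONSONANT_RUN.match(stem))


def _finding(severity: str, line: str, reason: str) -> dict:
    return {"severity": severity, "line": line, "reason": reason}


def triage(log_text: str) -> list:
    """Return one finding per HijackThis line that deserves a closer look."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O2" and body.startswith("BHO: "):
            parts = body[5:].split(" - ", 2)  # name, CLSID, path (path may itself contain " - ")
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
            if path == "(no file)":
                findings.append(_finding("low", line, "orphaned BHO: CLSID registered but the DLL is gone"))
            elif name == "(no name)" or looks_random(path):
                findings.append(_finding("high", line, f"unnamed or random-named BHO loaded into IE: {path}"))
        elif code == "O4":
            m4 = O4_RE.match(body)
            if not m4:
                continue
            name, cmd = m4.group("name"), m4.group("cmd")
            exe = EXE_RE.match(cmd)
            path = exe.group("path") if exe else cmd
            if looks_random(name) or looks_random(path):
                findings.append(_finding("high", line, f"autorun with a random-looking name: [{name}] -> {path}"))
        elif code == "O15":
            findings.append(_finding("medium", line, "Trusted Zone site gets relaxed IE security; confirm it was added on purpose"))
        elif code == "O20" and body.startswith("Winlogon Notify: "):
            name, _, path = body[len("Winlogon Notify: "):].partition(" - ")
            sev = "high" if looks_random(name) or looks_random(path) else "medium"
            findings.append(_finding(sev, line, f"DLL loaded by winlogon.exe at every logon: {path}"))
        elif code == "R3" and "missing" in body:
            findings.append(_finding("info", line, "default URLSearchHook missing; harmless alone, often left behind by a hijack"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'low': 1, 'info': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

On the nine sample lines the script flags comsnapv.dll, [qpd259z] and the ncczpxva Winlogon Notify entry as high, exactly the three entries the helpers went on to remove, and leaves Acrobat, NeroCheck and ctfmon alone.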
17 September 2008 12:38:49

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Reboot into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
17 September 2008 17:25:28

Well, I think I messed up. It asked me to reboot at the end of the scan, so that's what I did, but after the reboot I no longer had the report. I wanted to run another scan but it was impossible. So, looking in the software under the reports/log section, I did find this:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1163
    Windows 5.1.2600 Service Pack 2

    17/09/2008 16:15:46
    mbam-log-2008-09-17 (16-15-46).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 78535
    Temps écoulé: 51 minute(s), 55 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{221251be-fb26-44ca-98af-699d55ecafe2} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{221251be-fb26-44ca-98af-699d55ecafe2} (Trojan.BHO.H) -> Delete on reboot.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\comsnapv.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\WINDOWS\system32\AppCert\hb13a.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\AppCert\hb13c.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> Quarantined and deleted successfully.

Otherwise my main PC boots again, but I suggest finishing with this PC before doing the other one, now that we've started.
17 September 2008 18:01:22

Post a new HijackThis report.
17 September 2008 19:01:15

Good evening!

I posted a message yesterday on this forum, in a very similar topic, describing exactly the same "symptoms" as "Gruic". I installed and ran "MalwareByte's Anti-Malware" in Safe Mode, with a full scan. It turned out I couldn't finish that scan: the screen goes blue after 5 min. This blue screen is only a wallpaper; a simple "ctrl+alt+del" is enough to get back to the desktop, or some mouse activity to keep it from appearing. I then rebooted my PC in normal mode: the bug was still there. I updated the "anti-malware" database, ran a "quick" scan again without much conviction, and it reported 26 various infections. After rebooting, no more alarming wallpaper, nor any message offering to install the famous antivirus. What's more, my IE no longer redirects me to advertising sites.

Here is my "MalwareByte's Anti-Malware" report from before the final reboot (the beast must be hiding in there):

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1164
    Windows 5.1.2600 Service Pack 2

    17/09/2008 18:37:55
    mbam-log-2008-09-17 (18-37-55).txt

    Type de recherche: Examen rapide
    Eléments examinés: 84287
    Temps écoulé: 17 minute(s), 33 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\lphc3e2j0erba.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\blphc3e2j0erba.scr (Fake.BlueScreenError) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3e2j0erba (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7e2j0erba (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\blphc3e2j0erba.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\lphc3e2j0erba.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phc3e2j0erba.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\w32usb2.exe (Worm.Rbot) -> Quarantined and deleted successfully.


Hoping this can help you,

Thanks to the "helpers" and their great advice.

Valou
17 September 2008 19:06:46

Here it is :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:48:29, on 17/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [qpd259z] C:\WINDOWS\system32\qpd259z.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 6332 bytes
17 September 2008 19:08:07

Valou1310, one thread per person.
---
Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may differ
17 September 2008 20:42:43

here it is :)

    ComboFix 08-09-16.05 - Administrateur 2008-09-17 20:12:11.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.113 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@ads.pointroll[1].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@edt02[1].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@revsci[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@tracker.affistats[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@trafiz[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@www.mp3search[1].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@www.pixmania[1].txt
    C:\Documents and Settings\Administrateur\Favoris\.url
    C:\install\install.exe
    C:\WINDOWS\system32\appcert
    C:\WINDOWS\system32\rtl60.bpl
    E:\autorun.inf
    C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-17 au 2008-09-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
    2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
    2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
    2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
    2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
    2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
    2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
    2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
    2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
    2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
    2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
    2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
    2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
    "CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
    "Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL
    "VIDC.VP40"= vp4vfw.dll
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Diablo II\\Game.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\NetP4\\NetP4.exe"=

    R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
    R2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ssvcpifn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-ID - (no file)
    Toolbar-SITEguard - (no file)
    HKCU-Run-qpd259z - C:\WINDOWS\system32\qpd259z.exe


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
    .
    .
    ------- File Associations -------
    .
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-17 20:21:37
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

    Recherche de fichiers cach‚s ...

    Scan terminé avec succès
    Fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ctsvccda.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-17 20:27:44 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-17 18:27:31

    Avant-CF: 2,743,484,416 octets libres
    Après-CF: 2,950,610,944 octets libres

    164
    18 Septembre 2008 16:57:34

    Re,

    Copy (Ctrl+C) the text inside the box below:

    File::
    C:\WINDOWS\system32\comsnapv.dll
    C:\WINDOWS\system32\dbmsrpcng.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    18 Septembre 2008 21:30:41

    here it is :) 

    ComboFix 08-09-16.05 - Administrateur 2008-09-18 20:48:52.2 - NTFSx86
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-18 au 2008-09-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
    2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
    2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
    2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
    2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
    2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
    2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
    2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
    2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
    2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
    2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
    2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-09-17_20.26.22.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-03-30 10:08:34 40,128 -c--a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-18 18:44:15 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 10:08:34 48,856 -c--a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-18 18:44:15 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-30 10:08:34 311,740 -c--a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-18 18:44:15 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-30 10:08:34 368,076 -c--a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-18 18:44:15 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2001-08-24 14:00:00 45,824 ----a-w C:\WINDOWS\system32\rqlnzdvu.dat
    + 2001-08-24 14:00:00 50,432 ----a-w C:\WINDOWS\system32\rqlnzdvu.dat
    + 2008-09-18 18:55:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
    2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
    "CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
    "Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL
    "VIDC.VP40"= vp4vfw.dll
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Diablo II\\Game.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\NetP4\\NetP4.exe"=

    R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
    R2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ssvcpifn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-18 20:58:54
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@?S?????????????????B?????,????????????????????P????????B

    Recherche de fichiers cach‚s ...

    Scan terminé avec succès
    Fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ctsvccda.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-18 21:04:00 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-18 19:03:51
    ComboFix2.txt 2008-09-17 18:27:47

    Avant-CF: 2,203,172,864 octets libres
    Après-CF: 2,201,645,056 octets libres

    160

    and also:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:12, on 18/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 6557 bytes
    19 Septembre 2008 18:15:54

    Re,

    Use this script:

    Rootkit::
    C:\WINDOWS\system32\comsnapv.dll
    C:\WINDOWS\system32\dbmsrpcng.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
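Added example, not code from the thread or from the HijackThis/ComboFix authors: a small Python triage of the posted HijackThis report that picks out the two load points the helper targeted (O2 Browser Helper Objects with no name living in system32, and O20 Winlogon Notify entries outside the XP defaults) and renders them as the File::/Registry:: CFScript from the earlier post, or the Rootkit:: variant used here. The sample log lines are constructed from the report above, the XP Winlogon Notify allowlist is an assumption, and the Browser Helper Objects key is written out in full where the thread's script uses ComboFix's "~" shorthand.

```python
import re

# Constructed sample in the shape of the HijackThis report posted in this thread
# (O2 = Browser Helper Objects, O20 = Winlogon Notify, O23 = services).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

# Full key paths; the thread's script abbreviates the BHO parent key with ComboFix's "~".
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

# Winlogon Notify subkeys that Windows XP SP2 ships with (assumed allowlist).
# Anything else is flagged for review, not declared malicious: vendor packages
# such as graphics drivers legitimately register here too.
XP_NOTIFY_ALLOWLIST = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                       "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return (files, keys): DLLs to remove and the registry keys that load them."""
    files, keys, seen = [], [], set()

    def add_file(path):
        # The same DLL appears with different letter case in the O2 and O20 lines.
        if path.lower() not in seen:
            seen.add(path.lower())
            files.append(path)

    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # The helper removed BHOs that register no display name and live in
            # system32; "(no file)" orphans are left alone, as in the thread.
            if m["name"] == "(no name)" and m["path"] != "(no file)" and in_system32(m["path"]):
                add_file(m["path"])
                keys.append("[-%s\\{%s}]" % (BHO_KEY, m["clsid"]))
            continue
        m = NOTIFY_RE.match(line)
        if m and m["key"].lower() not in XP_NOTIFY_ALLOWLIST:
            add_file(m["path"])
            keys.append("[-%s\\%s]" % (NOTIFY_KEY, m["key"]))
    return files, keys


def build_cfscript(files, keys, directive="File"):
    """Render CFScript.txt. "Rootkit" is the directive the helper switched to after
    the File:: run reported comsnapv.dll as impossible to delete."""
    if directive not in ("File", "Rootkit"):
        raise ValueError("directive must be 'File' or 'Rootkit'")
    lines = [directive + "::"] + files + ["", "Registry::"] + keys
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found_files, found_keys = triage(SAMPLE_LOG)
    print(build_cfscript(found_files, found_keys, directive="Rootkit"))
```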
    19 Septembre 2008 19:47:28

    Here is the report:

    ComboFix 08-09-16.05 - Administrateur 2008-09-19 18:52:31.3 - NTFSx86
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    /wow section - STAGE 8
    L'opération demandée n'a pu s'accomplir sur un fichier ayant une section mappée utilisateur ouverte.


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-19 au 2008-09-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
    2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
    2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
    2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
    2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
    2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
    2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
    2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
    2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
    2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
    2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
    2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-09-17_20.26.22.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-03-30 10:08:34 40,128 -c--a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-18 18:44:15 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 10:08:34 48,856 -c--a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-18 18:44:15 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-30 10:08:34 311,740 -c--a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-18 18:44:15 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-30 10:08:34 368,076 -c--a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-18 18:44:15 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-19 16:59:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
    2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
    "CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
    "Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL
    "VIDC.VP40"= vp4vfw.dll
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Diablo II\\Game.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\NetP4\\NetP4.exe"=

    R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
    R2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ssvcpifn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
    .
    .
    ------- File Associations -------
    .
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-19 19:01:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

    Recherche de fichiers cach‚s ...

    Scan terminé avec succès
    Fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ctsvccda.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-19 19:06:44 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-19 17:06:29
    ComboFix2.txt 2008-09-18 19:04:03
    ComboFix3.txt 2008-09-17 18:27:47

    Avant-CF: 2,168,643,584 octets libres
    Après-CF: 2,181,722,112 octets libres

    163
    19 Septembre 2008 20:04:25

    Can you try running the script in Safe Mode and see?
    20 Septembre 2008 12:35:58

    here it is :) 

    ComboFix 08-09-16.05 - Administrateur 2008-09-20 12:08:05.4 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.147 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt..txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
    2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
    2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
    2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
    2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
    2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
    2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
    2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
    2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
    2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
    2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
    2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-09-17_20.26.22.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-03-30 10:08:34 40,128 -c--a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-18 18:44:15 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 10:08:34 48,856 -c--a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-18 18:44:15 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-30 10:08:34 311,740 -c--a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-18 18:44:15 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-30 10:08:34 368,076 -c--a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-18 18:44:15 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-20 10:14:25 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
    2001-08-24 16:00 104960 --a------ c:\windows\system32\dbmsrpcng.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
    "CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
    "Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    2001-08-24 16:00 104960 C:\WINDOWS\system32\dbmsrpcng.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL
    "VIDC.VP40"= vp4vfw.dll
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Diablo II\\Game.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\NetP4\\NetP4.exe"=

    R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
    S2 ssvcpifn;USB Bus q1cf4 Controller;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ssvcpifn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-20 12:16:35
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ctsvccda.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-20 12:21:33 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-20 10:21:17
    ComboFix2.txt 2008-09-19 17:06:47
    ComboFix3.txt 2008-09-18 19:04:03
    ComboFix4.txt 2008-09-17 18:27:47

    Avant-CF: 2,192,969,728 octets libres
    Après-CF: 2,164,486,144 octets libres

    20 September 2008 13:15:48

    Post another HijackThis report.
    20 September 2008 19:16:43

    here it is :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:59, on 20/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: ncczpxva - C:\WINDOWS\SYSTEM32\dbmsrpcng.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 6941 bytes
    20 September 2008 20:32:45

    Scan the following file on VirusTotal, then post the report:
    C:\WINDOWS\system32\drivers\wabppbrf.sys
    20 September 2008 21:03:04

    Is VirusTotal a website?
    20 September 2008 21:47:28

    Yep.
    20 September 2008 22:16:02

    Here is what I got, I hope this is it:


    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.9.19.2 2008.09.19 -
    AntiVir 7.8.1.34 2008.09.19 -
    Authentium 5.1.0.4 2008.09.20 -
    Avast 4.8.1195.0 2008.09.20 -
    AVG 8.0.0.161 2008.09.20 -
    BitDefender 7.2 2008.09.20 -
    CAT-QuickHeal 9.50 2008.09.20 -
    ClamAV 0.93.1 2008.09.20 -
    DrWeb 4.44.0.09170 2008.09.20 -
    eSafe 7.0.17.0 2008.09.18 -
    eTrust-Vet 31.6.6096 2008.09.20 -
    Ewido 4.0 2008.09.20 -
    F-Prot 4.4.4.56 2008.09.20 -
    F-Secure 8.0.14332.0 2008.09.20 -
    Fortinet 3.113.0.0 2008.09.20 -
    GData 19 2008.09.20 -
    Ikarus T3.1.1.34.0 2008.09.20 -
    K7AntiVirus 7.10.466 2008.09.20 -
    Kaspersky 7.0.0.125 2008.09.20 -
    McAfee 5388 2008.09.19 -
    Microsoft 1.3903 2008.09.20 -
    NOD32v2 3457 2008.09.19 -
    Norman 5.80.02 2008.09.19 -
    Panda 9.0.0.4 2008.09.20 -
    PCTools 4.4.2.0 2008.09.20 -
    Prevx1 V2 2008.09.20 -
    Rising 20.62.52.00 2008.09.20 -
    Sophos 4.33.0 2008.09.20 -
    Sunbelt 3.1.1653.1 2008.09.20 -
    Symantec 10 2008.09.20 -
    TheHacker 6.3.0.9.090 2008.09.20 -
    TrendMicro 8.700.0.1004 2008.09.20 -
    VBA32 3.12.8.5 2008.09.20 -
    ViRobot 2008.9.20.1385 2008.09.20 -
    VirusBuster 4.5.11.0 2008.09.20 -
    Webwasher-Gateway 6.6.2 2008.07.21 -
    Information additionnelle
    File size: 23424 bytes
    MD5...: 9bb6476d5541c1224c13cb19a6508e96
    SHA1..: c32e5a0588640d9a7e68974d5d435638122fb36b
    SHA256: 1d52e9dee5a610c24630865f9dd590891b172e56fc91d403b42544b63fd2ff38
    SHA512: 7351d1622b167b4517d2bbf1ab8cf00344e7e65901a20e1766af717a13c293269bd31e54e1c54c7c189f8e5ad7af4e670969ac719464681acc77bd3b853dce26
    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x12400
    timedatestamp.....: 0x40689f9d (Mon Mar 29 22:13:49 2004)
    machinetype.......: 0x14c (I386)

    ( 8 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x2e0 0x16d8 0x16e0 6.51 5ade89779f0da717fd7a1db98e8a42f3
    .rdata 0x19c0 0xc0 0xc0 3.33 aa06cc90af1cea6eb2820c84195b23eb
    .data 0x1a80 0x70 0x80 2.57 f072e640a7cad8573e232adbb42e8417
    PAGE 0x1b00 0x8e7 0x900 5.50 2f1383365f7bc07d1422165127e37823
    INIT 0x2400 0x3f6 0x400 5.29 625dd9343bf1bbd53b4e72983cbbac76
    .otwt 0x2800 0x2d21 0x2d21 7.75 69a51c3e14575caaa5305b4450bc5bda
    .rsrc 0x5521 0x488 0x4a0 3.32 2ac2fe04e64f40b29c11040eb9d7143b
    .reloc 0x59c1 0x170 0x180 5.41 9cba778e7c34343a9be67144c03dddd5

    ( 2 imports )
    > ntoskrnl.exe: IoBuildSynchronousFsdRequest, IoGetAttachedDeviceReference, KeInitializeEvent, memcpy, memset, IoDeleteDevice, IoAttachDeviceToDeviceStack, PoSetPowerState, KeInitializeSpinLock, IoCreateDevice, IoDetachDevice, IofCompleteRequest, IofCallDriver, InterlockedExchange, KefAcquireSpinLockAtDpcLevel, IoReleaseCancelSpinLock, KeClearEvent, InterlockedIncrement, InterlockedDecrement, PoCallDriver, PoStartNextPowerIrp, ExFreePool, PoRequestPowerIrp, ExAllocatePoolWithTag, IoQueueWorkItem, IoAllocateWorkItem, IoFreeWorkItem, KeWaitForSingleObject, KeSetEvent, ObfDereferenceObject
    > HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock

    ( 0 exports )
    20 September 2008 22:20:25

    Hoping it works this time.

    Driver::
    ssvcpifn

    Rootkit::
    C:\WINDOWS\system32\comsnapv.dll
    C:\WINDOWS\system32\dbmsrpcng.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
    21 September 2008 11:01:41

    here you go:

    ComboFix 08-09-16.05 - Administrateur 2008-09-21 10:25:32.5 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.153 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt..txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\comsnapv.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSVCPIFN
    -------\Service_ssvcpifn


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-20 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-20 17:02 . 2008-09-20 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
    2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Glary Utilities
    2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Crawler
    2008-09-20 16:51 . 2008-09-20 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-20 16:51 . 2008-09-20 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
    2008-09-20 16:51 . 2008-09-20 16:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-09-20 16:50 . 2008-09-20 17:39 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-21 08:28 104,960 ----a-w C:\WINDOWS\system32\dacqukqts.dll
    2008-09-20 16:10 --------- d-----w C:\Program Files\Java
    2008-09-20 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-20 15:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 18:42 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
    2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
    2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
    2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
    2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
    2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
    2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
    2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
    2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
    2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
    2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
    2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}]
    2001-08-24 16:00 84992 --a------ C:\WINDOWS\system32\comsnapv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}]
    2008-09-21 10:28 104960 --a------ c:\windows\system32\dbmsrpcng.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
    "CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
    "Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-20 1783808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva]
    2008-09-21 10:28 104960 C:\WINDOWS\system32\dbmsrpcng.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL
    "VIDC.VP40"= vp4vfw.dll
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Diablo II\\Game.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\NetP4\\NetP4.exe"=

    R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-20 141312]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ssvcpifn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-21 10:33:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@??? ???????????????B?????,?????????????????????????????B

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ctsvccda.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-21 10:39:58 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-21 08:39:48
    ComboFix2.txt 2008-09-20 10:21:37
    ComboFix3.txt 2008-09-19 17:06:47
    ComboFix4.txt 2008-09-18 19:04:03
    ComboFix5.txt 2008-09-21 08:24:45

    Avant-CF: 1,914,310,656 octets libres
    Après-CF: 1,863,753,728 octets libres

    21 September 2008 13:01:38

    I'll keep you posted, I'm looking into it.
    21 September 2008 14:18:37

    Do you think I'm still infected?
    21 September 2008 14:27:12

    One file won't go away.

    Copy (Ctrl+C) the text in the box below:

    Files to delete:
    C:\WINDOWS\system32\comsnapv.dll
    C:\WINDOWS\system32\dbmsrpcng.dll

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file on your Desktop under the name remove.txt.
    Save it on your Desktop under the name Remove.txt.

    Download The Avenger (Swandog46).

  • Unzip it onto your Desktop.
  • Double-click avenger.exe (the .exe extension may not be visible) to launch it.
  • Select Load Script from File (1), then choose your remove.txt file.
  • Tick the boxes Scan for rootkits and Automatically disable any rootkits found (2).
  • Then click the Execute button (3).
  • After the reboot, post The Avenger report (C:\avenger.txt*).
    * the drive letter may vary
    21 September 2008 16:19:55

    Here it is:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: could not open file "C:\WINDOWS\system32\comsnapv.dll"
    Deletion of file "C:\WINDOWS\system32\comsnapv.dll" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open file "C:\WINDOWS\system32\dbmsrpcng.dll"
    Deletion of file "C:\WINDOWS\system32\dbmsrpcng.dll" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva" for deletion
    Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

    Should I try in safe mode?
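    As an added illustration (not part of the original thread, and not code from The Avenger's author), here is a small Python parser for the report above. It pairs each failed deletion with the NTSTATUS code printed beneath it and sorts the targets into two buckets: objects that are still present but could not be opened (STATUS_ACCESS_DENIED, which is why the next step in the thread is an anti-rootkit scan) and objects that no longer exist (STATUS_OBJECT_NAME_NOT_FOUND, a stale reference in the cleanup script). The report text embedded in the code is a constructed excerpt of the log posted above; the function names are invented for the example.

```python
import re
from collections import defaultdict

# Constructed excerpt of The Avenger report posted in this thread (same
# targets and verdict lines as the original, trimmed to the relevant part).
SAMPLE_REPORT = r"""
Rootkit scan active.
No rootkits found!

Error: could not open file "C:\WINDOWS\system32\comsnapv.dll"
Deletion of file "C:\WINDOWS\system32\comsnapv.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: could not open file "C:\WINDOWS\system32\dbmsrpcng.dll"
Deletion of file "C:\WINDOWS\system32\dbmsrpcng.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: could not open registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncczpxva" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221251BE-FB26-44CA-98AF-699D55ECAFE2}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD676D41-A1CC-4E9C-B19F-65215DA61F24}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.
"""

# "Deletion of <kind> "<target>" failed!" is always followed by a Status line.
FAILED_RE = re.compile(r'^Deletion of (file|registry key) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


def parse_failures(report):
    """Return (kind, target, status_hex, status_name) for every failed deletion,
    pairing each 'failed!' line with the Status line that follows it."""
    failures = []
    pending = None
    for raw in report.splitlines():
        line = raw.strip()
        m = FAILED_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            failures.append((pending[0], pending[1], m.group(1).lower(), m.group(2)))
            pending = None
    return failures


def triage(failures):
    """Group failed targets by what the NTSTATUS code tells a responder.

    STATUS_ACCESS_DENIED: the object exists and something (an open handle,
    an ACL, or a kernel-mode hook) refused the delete; escalate to an
    anti-rootkit scan rather than re-running the same script.
    STATUS_OBJECT_NAME_NOT_FOUND: the object is already gone; only the
    reference in the cleanup script is stale."""
    groups = defaultdict(list)
    for kind, target, code, name in failures:
        if name == "STATUS_ACCESS_DENIED":
            groups["locked"].append((kind, target))
        elif name == "STATUS_OBJECT_NAME_NOT_FOUND":
            groups["already_gone"].append((kind, target))
        else:
            groups["other"].append((kind, target, code, name))
    return dict(groups)


if __name__ == "__main__":
    for bucket, items in triage(parse_failures(SAMPLE_REPORT)).items():
        print(bucket)
        for item in items:
            print("   ", *item)
```

    Run on the report above, the three STATUS_ACCESS_DENIED targets (two DLLs in system32 and the Winlogon Notify key) land in the "locked" bucket, which matches what the helper does next: stop re-running deletion scripts and look for something hiding the objects. The two BHO keys land in "already_gone", which is consistent with the later Avira log, where the same DLLs are only found inside quarantine archives.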
    21 September 2008 17:08:55

    We'll dig somewhere else.

    Download Gmer.
    Unzip it into a folder or onto your Desktop.

    Disconnect from the Internet and close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

    Click the Rootkit tab.
    On the right, tick Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
    Save the file on your Desktop and copy/paste its contents here.
    21 September 2008 20:04:55

    I get a message saying that gmer found no modifications, and when I open Notepad it's the old Avenger report that appears.
    22 September 2008 16:07:37

    I quarantined several things.

    Avira AntiVir Personal
    Report file date: lundi 22 septembre 2008 14:51

    Scanning for 1628080 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Administrateur
    Computer name: ORDIGEFF2

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 12:27:38
    ANTIVIR3.VDF : 7.0.6.192 234496 Bytes 22/09/2008 12:27:40
    Engineversion : 8.1.1.34
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 12:27:50
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 12:27:49
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 12:27:47
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 12:27:46
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 22/09/2008 12:27:44
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 12:27:42
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 22/09/2008 12:27:41
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 22 septembre 2008 14:51

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'CToolbar.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
    Scan process 'Mediadet.exe' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'Ctsvccda.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
    Scan process 'Res.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'Ctmix32.exe' - '1' Module(s) have been scanned
    Scan process 'CTNotify.exe' - '1' Module(s) have been scanned
    Scan process 'TotRecSched.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    40 processes with 40 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\dbmsrpcng.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '49449585.qua'!

    The registry was scanned ( '45' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\ARK14.tmp
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49229581.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\catchme2008-09-17_201621,75.zip
    [0] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Spy.BZub.NGP.7 Trojan
    [NOTE] The file was moved to '494ba0a4.qua'!
    C:\QooBox\Quarantine\catchme2008-09-17_202004.38.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Administrateur/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0a6.qua'!
    C:\QooBox\Quarantine\catchme2008-09-18_205258,85.zip
    [0] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0a9.qua'!
    C:\QooBox\Quarantine\catchme2008-09-18_205809.13.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Administrateur/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0ab.qua'!
    C:\QooBox\Quarantine\catchme2008-09-19_185628,59.zip
    [0] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0ad.qua'!
    C:\QooBox\Quarantine\catchme2008-09-19_190024.03.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Administrateur/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0af.qua'!
    C:\QooBox\Quarantine\catchme2008-09-20_121107,63.zip
    [0] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> comsnapv.dll.1
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0b1.qua'!
    C:\QooBox\Quarantine\catchme2008-09-20_121546.15.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Administrateur/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0bb.qua'!
    C:\QooBox\Quarantine\catchme2008-09-21_102818,99.zip
    [0] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> comsnapv.dll.1
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> dbmsrpcng.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0bc.qua'!
    C:\QooBox\Quarantine\catchme2008-09-21_103313.52.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Administrateur/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '494ba0c1.qua'!
    C:\WINDOWS\system32\comsnapv.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4944a223.qua'!
    C:\WINDOWS\system32\dbmsrpcng.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: lundi 22 septembre 2008 15:51
    Used time: 1:00:24 Hour(s)

    The scan has been done completely.

    3425 Scanning directories
    175594 Files were scanned
    16 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    13 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    175575 Files not concerned
    803 Archives were scanned
    5 Warnings
    13 Notes
    22 September 2008 17:00:58

    Post another HijackThis log.
    22 September 2008 20:59:38

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:44, on 22/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7041 bytes
    23 September 2008 12:27:36

    Re,

    Fix the lines in the box below with HijackThis: HELP WITH PICTURES

    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
    O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
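    As an added example (not from the thread, and not HijackThis's own code): a small Python script that reads a HijackThis log and pulls out the entries HijackThis itself marks as pointing at a file that is no longer on disk, which is exactly how the four lines above were chosen. Once the payload DLLs are quarantined, the registry load points that referenced them (the BHO CLSIDs under Browser Helper Objects and the Winlogon Notify package) are left behind; they are harmless on their own but are the leftovers the helper wants cleared. The log excerpt embedded in the code is constructed from the report posted above; the function names are invented for the example.

```python
import re

# Constructed excerpt of the HijackThis log posted in this thread: a few
# healthy entries plus the four the helper asked to have fixed.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
"""

# Every HijackThis entry starts with a section tag (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+) - (.*)$")
# Markers HijackThis appends when the referenced file does not exist on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Split a HijackThis log into entries: {section, body, line}."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "line": line})
    return entries


def orphaned_entries(entries):
    """Entries whose load point still references a file HijackThis could not
    find. A '(no name)' BHO with a file that exists (the Crawler toolbar above)
    is deliberately NOT flagged: the criterion is the missing file, not the
    missing name."""
    return [e for e in entries if any(mk in e["body"] for mk in ORPHAN_MARKERS)]


def fix_lines(entries):
    """The exact log lines to tick in HijackThis, in log order."""
    return [e["line"] for e in orphaned_entries(entries)]


def clsid_of(entry):
    """The {CLSID} named in an entry, or None (O20 entries carry none)."""
    m = CLSID_RE.search(entry["body"])
    return m.group(0) if m else None


def winlogon_notify_packages(entries):
    """Names of Winlogon Notify packages (O20) whose DLL is missing. Each is a
    subkey under the Winlogon Notify key that still asks winlogon.exe to load a
    DLL at logon, which is why it is worth removing even when the DLL is gone."""
    names = []
    for e in orphaned_entries(entries):
        if e["section"] == "O20":
            m = re.match(r"Winlogon Notify: (\S+) - ", e["body"])
            if m:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for line in fix_lines(found):
        print(line)
    print("Winlogon Notify packages to remove:", winlogon_notify_packages(found))
```

    On the excerpt above the script returns the same four lines the helper listed, and nothing else: the Adobe, Crawler, Avira and Creative entries all reference files that exist. The later logs in the thread still show these four lines, which is what the helper's follow-up question about whether the fix was actually applied is checking.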
    23 September 2008 18:01:21

    I think it's done. What now?
    23 September 2008 19:38:36

    Post another HijackThis log anyway.
    24 September 2008 11:47:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00, on 24/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7041 bytes
    24 September 2008 12:49:03

    Did you do what I said with the lines?
    25 September 2008 01:06:24

    Yes, I think so. I followed the tutorial. Did I do something wrong?
    25 September 2008 16:56:15

    Try it again and let's see :) 
    29 September 2008 17:22:24

    Here's what it gives:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:06, on 29/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 6778 bytes
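    The entries that matter in the log above are the two BHOs and the Winlogon Notify package whose DLLs are already gone (comsnapv.dll, dbmsrpcng.dll, package ncczpxva): a load point that outlives its file is the leftover of a DLL that was deleted or quarantined, and the random-looking names are the usual shape of this family. The script below is an added example written for this thread, not part of HijackThis, ComboFix or the helper's procedure. It parses the O2, O20 and O23 lines of a HijackThis log and flags missing backing files, generated-looking names and services with no publisher string. The input lines are copied from the log above; the function names, the 8-letter minimum and the 30% vowel threshold are my own heuristic, so anything it flags still needs a human look (it will also flag some legitimate short-named system binaries if you loosen the length check).

```python
"""Triage load points in a HijackThis log for Vundo/Virtumonde-style entries.

Added example for this thread (not part of HijackThis or ComboFix). It
parses O2 (BHO), O20 (Winlogon Notify) and O23 (service) lines and flags:
  - a load point whose backing file is reported "(file missing)";
  - a DLL / Notify package whose name looks machine-generated;
  - a service with no publisher string ("Unknown owner").
The vowel-ratio rule is a hand-written heuristic, not a HijackThis rule.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread; two clean
# entries are kept for contrast. Nothing here is invented.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll (file missing)
O20 - Winlogon Notify: ncczpxva - dbmsrpcng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

MISSING = " (file missing)"

# The CLSID braces anchor the O2 split, so a path containing " - "
# (Spybot - Search & Destroy) does not break the parse. For O23 the path
# must start with a drive letter, which disambiguates name and owner.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Entry:
    kind: str       # "O2", "O20" or "O23"
    name: str       # BHO display name, Notify package, or service name
    path: str       # file as written in the log, "(file missing)" stripped
    missing: bool
    owner: str = ""  # O23 only


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for an O2/O20/O23 line, None for anything else."""
    line = line.strip()
    for kind, rx in (("O2", O2_RE), ("O20", O20_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if not m:
            continue
        path = m.group("path")
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        return Entry(kind, m.group("name"), path, missing, m.groupdict().get("owner", ""))
    return None


VOWELS = set("aeiouy")


def looks_generated(filename: str) -> bool:
    """Heuristic (mine, not HijackThis'): an all-lowercase, digit-free stem
    of 8+ letters with under 30% vowels (comsnapv, dbmsrpcng, ncczpxva)."""
    stem = PureWindowsPath(filename).stem
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.3


def triage(log_text: str) -> list:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        reasons = []
        if e.missing:
            reasons.append("backing file missing: load point outlived its DLL")
        if looks_generated(e.path):
            reasons.append(f"generated-looking file name: {PureWindowsPath(e.path).name}")
        if e.kind == "O20" and looks_generated(e.name):
            reasons.append(f"generated-looking Notify package: {e.name}")
        if e.kind == "O23" and e.owner.lower() == "unknown owner":
            reasons.append("service has no publisher string; verify the binary")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def report(findings) -> str:
    """Plain-text summary, one entry per block, reasons indented below it."""
    lines = []
    for f in findings:
        lines.append(f"{f.entry.kind:<4}{f.entry.name}")
        lines.extend(f"      - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

    Run against the sample it reports the two orphan BHOs, the ncczpxva Notify entry (three reasons: missing file, generated DLL name, generated package name) and the RichVideo service for its missing publisher string; the Acrobat, Spybot and Avira entries pass. The "(file missing)" flag is the strong signal: a BHO or Notify key with no DLL behind it is dead weight at best and a freshly emptied persistence slot at worst, and a helper asks for it to be fixed either way.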
    29 Septembre 2008 19:46:51

    Run another ComboFix scan. Is your PC behaving better?
    30 Septembre 2008 12:44:43

    It's still slow, but I think a disk check and a defrag should help. Can I run them?


    ComboFix 08-09-28.03 - Administrateur 2008-09-30 12:19:13.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.137 [GMT 2:00]
    Launched from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * A new restore point was created

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    ((((((((((((((((((((((((((((( Files created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-22 14:24 . 2008-09-22 14:24 <REP> d-------- C:\Program Files\Avira
    2008-09-22 14:24 . 2008-09-22 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-21 19:40 . 2008-09-21 19:58 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-20 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-20 17:02 . 2008-09-20 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
    2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Glary Utilities
    2008-09-20 16:51 . 2008-09-20 16:52 <REP> d-------- C:\Program Files\Crawler
    2008-09-20 16:51 . 2008-09-26 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-20 16:51 . 2008-09-20 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
    2008-09-20 16:51 . 2008-09-20 16:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-09-20 16:50 . 2008-09-20 17:39 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-09-18 15:01 . 2008-09-18 15:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-17 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-17 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-17 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 21:36 . 2008-09-16 21:36 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-03 20:42 . 2008-08-03 20:42 <REP> d-------- C:\Program Files\USB Disk Win98 Driver

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-21 18:12 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-20 16:10 --------- d-----w C:\Program Files\Java
    2008-09-20 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-20 15:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-03 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-23 21:13 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-04-23 21:13 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2006-11-15 14:12 680 -c--a-w C:\Program Files\mpc2.reg
    2006-11-15 14:12 596 -c--a-w C:\Program Files\mpc1.reg
    2006-11-15 14:12 30,164 -c--a-w C:\Program Files\ffdsvsetts.reg
    2006-11-15 14:12 3,476 -c--a-w C:\Program Files\mpc7.reg
    2006-11-15 14:12 3,236 -c--a-w C:\Program Files\mpc4.reg
    2006-11-15 14:12 3,026 -c--a-w C:\Program Files\mpc3.reg
    2006-11-15 14:12 18,156 -c--a-w C:\Program Files\mpc6.reg
    2006-11-15 14:12 16,166 -c--a-w C:\Program Files\mpc5.reg
    2006-11-15 14:12 1,176 -c--a-w C:\Program Files\ffdssetts.reg
    2006-11-15 14:12 1,172 -c--a-w C:\Program Files\ffdsasetts.reg
    2006-09-05 13:34 4,482 -c--a-w C:\Program Files\satsukidecodersettings.ini
    2005-12-23 23:06 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 10:06 163,328 -csh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-09-21_10.38.56.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-21 17:40:33 884,736 ----a-w C:\WINDOWS\gmer.dll
    + 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
    - 2007-09-12 23:50:16 29,926 -c--a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
    + 2008-09-21 18:12:34 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
    + 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2008-09-21 17:40:36 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 282624]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
    "CreativeMixer"="C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE" [1999-11-18 20480]
    "Register MediaRing Talk"="C:\Program Files\MediaRing Talk\register.exe" [1999-11-30 73728]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-20 1783808]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL
    "VIDC.VP40"= vp4vfw.dll
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Diablo II\\Game.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\NetP4\\NetP4.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 wabppbrf;wabppbrf;C:\WINDOWS\system32\drivers\wabppbrf.sys [2001-08-24 23424]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-20 141312]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ssvcpifn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f96ecc0-7a2a-11db-aedb-000475733ddb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{221251BE-FB26-44CA-98AF-699D55ECAFE2} - C:\WINDOWS\system32\comsnapv.dll
    BHO-{AD676D41-A1CC-4E9C-B19F-65215DA61F24} - c:\windows\system32\dbmsrpcng.dll
    Notify-ncczpxva - dbmsrpcng.dll


    .
    ------- Supplementary scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1dp2en4w.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 12:22:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????D?tecteur de disque???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ??????k??w??????????@???????????????????B?????,?????????????????????????????B

    Scanning for hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    Finish time: 2008-09-30 12:24:48
    ComboFix-quarantined-files.txt 2008-09-30 10:24:40
    ComboFix2.txt 2008-09-21 08:40:01
    ComboFix3.txt 2008-09-20 10:21:37
    ComboFix4.txt 2008-09-19 17:06:47
    ComboFix5.txt 2008-09-30 10:17:26

    Before-CF: 1,493,356,544 bytes free
    After-CF: 1,504,563,200 bytes free

    30 Septembre 2008 12:56:53

    Looks OK, apparently :) 
    1 Octobre 2008 11:03:30

    I just ran a defrag, and apparently we're in pretty good shape!
    Websites load quickly, the PC lags less, and I'm getting no virus-detection alerts at all.

    So let me thank you, Angeldark, for your patience, your knowledge, and the speed of your replies and actions.
    If you'd like to taste a Dijon speciality, don't hesitate to send me your address by PM and I'll send you one as a thank-you.

    This site deserves the publicity it gets. See you next time!
    1 Octobre 2008 13:03:14

    You're welcome ;) 