Virus: Virtumonde apparently...

Tags:
  • Virus
  • Security

19 August 2008 22:11:34

Hello,
I have a virus problem:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:27, on 19/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\rnamfler\naomf.exe
C:\Windows\System32\lphcv4oj0e34e.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Hamachi\hamachi.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\program files\rnamfler\radprcmp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Titi\Desktop\HiJackThis.exe
D:\MES PROGRAMMES\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [lphcv4oj0e34e] C:\Windows\system32\lphcv4oj0e34e.exe
O4 - HKLM\..\Run: [SMrhcr4oj0e34e] C:\Program Files\rhcr4oj0e34e\rhcr4oj0e34e.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [lphcv4oj0e34e] C:\Windows\system32\lphcv4oj0e34e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 6909 bytes

Please help me!

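The log above contains the three things a triage pass can pick out mechanically before anyone touches the machine: Run values and executables with machine-generated names (lphcv4oj0e34e, SMrhcr4oj0e34e, wrna3ls under rnamfler), a BHO registered with "(no file)", and an IE start page redirected away from Microsoft's default. The following Python script is an added example for this page; it is not part of the original thread and not HijackThis code. The sample lines are copied from the log above; the name heuristics (letter/digit alternation, vowel ratio) and DEFAULT_HOSTS allowlist are my own assumptions.

```python
"""Heuristic triage of HijackThis 2.x log lines (added example, not from the
thread or from HijackThis itself). Thresholds are the author's own choices."""
import re
from urllib.parse import urlsplit

# Lines copied from the first log posted in the thread (constructed sample).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [lphcv4oj0e34e] C:\Windows\system32\lphcv4oj0e34e.exe
O4 - HKLM\..\Run: [SMrhcr4oj0e34e] C:\Program Files\rhcr4oj0e34e\rhcr4oj0e34e.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Hosts that IE's stock Start/Search pages legitimately point at
# (assumption: extend this for a corporate default page).
DEFAULT_HOSTS = {"go.microsoft.com"}
VOWELS = set("aeiouy")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - .*?= (?P<url>https?://\S+)$")
# Parent directory and file stem of the first .exe in a Run command line.
EXE_RE = re.compile(r'(?P<parent>[^\\"]+)\\(?P<stem>[^\\"]+)\.exe', re.I)
HOSTS_OK = re.compile(r"^O1 - Hosts: (127\.0\.0\.1|::1)\s+localhost$")


def looks_generated(name: str) -> bool:
    """True when a Run value, directory or file name looks machine-generated.

    Two cheap signals that cover the FakeAlert/Vundo naming seen in the log:
    letters and digits alternating at least twice (lphcv4oj0e34e, wrna3ls),
    or a token of six or more letters with almost no vowels (rnamfler).
    """
    s = name.lower()
    classes = [c.isdigit() for c in s if c.isalnum()]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    if switches >= 2:
        return True
    letters = [c for c in s if c.isalpha()]
    if len(letters) >= 6:
        vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
        if vowel_ratio <= 0.25:
            return True
    return False


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (line, reason) pairs for the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            reasons = []
            if looks_generated(m["name"]):
                reasons.append(f"Run value name '{m['name']}' looks generated")
            if e := EXE_RE.search(m["cmd"]):
                for label, token in (("directory", e["parent"]), ("file name", e["stem"])):
                    if looks_generated(token):
                        reasons.append(f"{label} '{token}' looks generated")
            if reasons:
                findings.append((line, "; ".join(reasons)))
        elif m := R_RE.match(line):
            host = urlsplit(m["url"]).hostname or ""
            if host not in DEFAULT_HOSTS:
                findings.append((line, f"IE page redirected to non-default host '{host}'"))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append((line, "BHO registered with no backing DLL (orphan or hidden file)"))
        elif line.startswith("O1 - Hosts:") and not HOSTS_OK.match(line):
            findings.append((line, "hosts-file override"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample it reports the atcomet start page, the orphaned BHO and the three rogue Run values, and stays quiet on Windows Defender and Sidebar. The heuristics are for triage only: short legitimate names such as wmpnscfg would trip the vowel test if fed to it, and the second log's EoRezo BHO has a real DLL and would only be caught by the lo.st start-page rule, so every hit still needs a human to check the file on disk.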

21 Août 2008 20:22:00

Please...
21 Août 2008 20:26:00

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated MBAM tutorial
21 August 2008 22:28:59

Hello, and thank you!
I forgot to click Show results...
Here is the report:

Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 6.0.6001 Service Pack 1

22:19:20 21/08/2008
mbam-log-08-21-2008 (22-19-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 111711
Time elapsed: 22 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcr4oj0e34e (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcr4oj0e34e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcv4oj0e34e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\phcv4oj0e34e.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

And indeed it asked to reboot; I clicked OK, but my firewall blocked it. I told it to enable it, but I haven't heard from it since...
24 August 2008 09:48:48

Please :D
24 August 2008 15:48:38

Post a new HijackThis log. And be patient.
24 August 2008 17:08:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:17, on 24/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\MES PROGRAMMES\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 5630 bytes
24 August 2008 18:47:07

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the drive letter may differ
25 August 2008 08:00:07

ComboFix 08-08-24.02 - Titi 2008-08-25 7:51:25.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1315 [GMT 2:00]
Running from: C:\Users\Titi\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 10:10 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-22 09:31 . 2008-08-22 09:31 <DIR> d-------- C:\Users\Titi\AppData\Roaming\ItsLabel
2008-08-22 09:10 . 2008-08-22 09:10 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-22 09:10 . 2008-08-22 09:10 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-21 23:01 . 2008-08-24 20:39 <DIR> d-------- C:\Users\Titi\AppData\Roaming\EoRezo
2008-08-21 20:30 . 2008-08-21 20:30 <DIR> d-------- C:\Users\Titi\AppData\Roaming\Malwarebytes
2008-08-21 20:29 . 2008-08-21 20:29 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-21 20:29 . 2008-08-21 20:29 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-21 20:29 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-21 20:29 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-20 09:10 . 2008-08-20 09:10 <DIR> d----c--- C:\Program Files\Realtek AC97
2008-08-20 08:46 . 2008-08-20 08:46 <DIR> d----c--- C:\Program Files\Intel
2008-08-20 08:46 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-08-20 08:45 . 2008-08-20 08:45 <DIR> d----c--- C:\Intel
2008-08-19 18:33 . 2008-08-19 18:33 94,208 --a------ C:\Windows\System32\BE28.tmp
2008-08-15 16:18 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-15 16:13 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-15 16:13 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-15 16:12 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-15 16:12 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 16:11 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-11 21:31 . 2008-08-20 19:02 <DIR> d-------- C:\Users\Titi\AppData\Roaming\Hamachi
2008-08-11 21:30 . 2008-08-11 21:30 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-08-11 21:06 . 2008-08-11 21:06 <DIR> d-------- C:\Users\Titi\AppData\Roaming\Auslogics
2008-08-11 20:55 . 2008-08-11 21:40 <DIR> d----c--- C:\Program Files\NeoSmart Technologies
2008-08-11 20:54 . 2008-08-11 20:54 <DIR> d-------- C:\Windows\TweakVI
2008-08-11 17:36 . 2008-08-24 20:38 <DIR> d----c--- C:\Downloads
2008-08-10 17:44 . 2008-08-10 17:44 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-08 20:31 . 2006-09-12 12:46 227,328 -r-hs---- C:\Windows\System32\ac3DX.ax
2008-08-08 20:31 . 2008-03-16 14:30 216,064 -r-hs---- C:\Windows\System32\nbDX.dll
2008-08-08 20:31 . 2006-03-10 22:48 169,472 -r-hs---- C:\Windows\System32\MatroskaDX.ax
2008-08-08 20:31 . 2006-05-03 11:06 163,328 -r-hs---- C:\Windows\System32\flvDX.dll
2008-08-08 20:31 . 2005-11-25 21:46 161,792 -r-hs---- C:\Windows\System32\RealMediaDX.ax
2008-08-08 20:31 . 2006-01-13 00:23 123,904 -r-hs---- C:\Windows\System32\AVCDX.ax
2008-08-08 20:31 . 2003-11-21 00:00 54,784 -r-hs---- C:\Windows\System32\RLAPEDec.ax
2008-08-08 20:31 . 2004-04-27 00:00 37,888 -r-hs---- C:\Windows\System32\RLMPCDec.ax
2008-08-08 20:31 . 2007-02-21 12:47 31,232 -r-hs---- C:\Windows\System32\msfDX.dll
2008-08-08 19:45 . 2008-08-08 19:46 <DIR> dr-h----- C:\Program Files\rnamfler
2008-08-08 10:15 . 2008-08-08 10:16 <DIR> d-------- C:\Users\All Users\Adobe
2008-08-08 10:14 . 2008-08-08 10:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-07 11:45 . 2008-08-07 11:45 <DIR> d-------- C:\Users\All Users\TEMP
2008-08-07 11:45 . 2008-08-07 11:45 <DIR> d-------- C:\ProgramData\TEMP
2008-08-06 20:32 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-08-06 20:29 . 2008-08-19 17:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-05 16:10 . 2008-08-05 16:10 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-05 09:01 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-08-05 09:01 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-08-05 09:01 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-08-04 20:57 . 2008-08-04 20:57 <DIR> d-------- C:\Users\Titi\AppData\Roaming\teamspeak2
2008-08-04 20:57 . 2008-08-04 20:57 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-04 11:43 . 2008-08-25 07:54 <DIR> d-------- C:\Windows\System32\drivers
2008-08-04 11:02 . <DIR> C:\Windows\System32\??I;????
2008-08-04 09:22 . 2008-08-11 20:44 <DIR> d----c--- C:\PerfLogs
2008-08-03 19:26 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-03 19:26 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-08-03 19:26 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-08-03 19:26 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-03 19:26 . 2008-01-19 09:35 2,643,456 --a------ C:\Windows\System32\NlsData000c.dll
2008-08-03 19:26 . 2008-01-19 09:35 1,965,056 --a------ C:\Windows\System32\NlsData0c1a.dll
2008-08-03 19:26 . 2008-01-19 09:35 1,965,056 --a------ C:\Windows\System32\NlsData081a.dll
2008-08-03 19:26 . 2008-01-19 09:35 1,965,056 --a------ C:\Windows\System32\NlsData0002.dll
2008-08-03 19:26 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 05:38 --------- d-----w C:\Program Files\LogMeIn
2008-08-20 12:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-20 07:10 319,488 ----a-w C:\Windows\HideWin.exe
2008-08-20 07:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 06:43 --------- d-----w C:\ProgramData\ma-config.com
2008-08-20 06:43 --------- d-----w C:\Program Files\ma-config.com
2008-08-15 14:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-15 14:15 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-04 07:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-04 07:35 174 --sha-w C:\Program Files\desktop.ini
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Journal
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Defender
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Calendar
2008-08-04 07:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-04 07:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-17 16:36 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-17 16:35 988,216 ----a-w C:\Windows\System32\winload.exe
2008-06-17 16:35 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-06-17 16:35 615,992 ----a-w C:\Windows\System32\ci.dll
2008-06-17 16:35 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-06-17 16:35 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-17 16:35 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-06-17 16:35 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-06-17 16:35 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-17 16:35 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-17 16:30 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-06-17 16:28 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-06-17 16:22 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-17 16:20 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-17 16:20 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-17 16:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-17 16:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-17 16:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-17 16:20 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-06-17 16:15 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-28 10:33 83,288 ----a-w C:\Windows\System32\LMIRfsClientNP.dll
2008-05-28 10:33 24,608 ----a-w C:\Windows\System32\LMIport.dll
2008-05-28 10:32 87,352 ----a-w C:\Windows\System32\LMIinit.dll
2008-05-28 10:32 23,736 ----a-w C:\Windows\System32\lmimirr.dll
2008-05-28 10:32 10,040 ----a-w C:\Windows\System32\lmimirr2.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

C:\Users\Titi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
OneNote Table Of Contents.onetoc2 [2008-08-05 13:22:15 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2F650E6D-4A7F-4148-BA56-53382CCB3095}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{F8B1F7AB-F8F3-4C29-9F96-C4CFA425C165}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{538BA76C-653F-40EC-A31B-015FE510A85E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CE4E84B5-EC9C-4C99-B04D-50F7EB667054}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{166F418C-08A1-47B7-90E6-A0CDD97DDF47}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{646FB569-A344-4B29-90BE-3E800B6E6787}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{4F205916-A67A-4A71-B333-62710397871B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{8BFE6C5C-7061-4203-8DB1-ABFCADA1E570}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4A45D589-46CC-4C35-B9DB-56C3C8B72815}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{06B4B988-3A49-4767-BB6E-3ACC3DFABBB2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6A82D74E-3C92-46C5-ACBA-41EC6C6E2288}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{2AC431DC-CB60-4E35-8B3F-341A0D2F9437}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{FC85B988-DAAA-4C6C-A9F1-5C05FF197168}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{1F848870-A569-42DB-BC07-6772777A1A1A}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{D6175555-E466-4EB7-B887-C924E2E0BA55}D:\\programmes\\cossacks - back to war\\dmcr.exe"= UDP:D:\programmes\cossacks - back to war\dmcr.exe:Dmcr
    "UDP Query User{CBF652DD-A192-40F9-BE08-46909EC2E075}D:\\programmes\\cossacks - back to war\\dmcr.exe"= TCP:D:\programmes\cossacks - back to war\dmcr.exe:Dmcr
    "TCP Query User{0DE4C93F-7A73-4E87-A5FC-E2DA960E1B31}C:\\program files\\postal2stp\\system\\postal2.exe"= UDP:C:\program files\postal2stp\system\postal2.exe:postal2
    "UDP Query User{7B278C3B-A8E5-4A43-B482-5E476BD095D7}C:\\program files\\postal2stp\\system\\postal2.exe"= TCP:C:\program files\postal2stp\system\postal2.exe:postal2
    "TCP Query User{5B580438-F097-4E4A-A1C6-D0D34F6F2C56}D:\\program files\\cossacks - back to war\\dmcr.exe"= UDP:D:\program files\cossacks - back to war\dmcr.exe:Dmcr
    "UDP Query User{5EB48241-5E6F-4636-8B3E-81A62EE81AC6}D:\\program files\\cossacks - back to war\\dmcr.exe"= TCP:D:\program files\cossacks - back to war\dmcr.exe:Dmcr
    "TCP Query User{0E16137C-3D36-4A08-AFCD-661729545BEE}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{D4BE2AE1-76CC-4759-8E3D-2C8B3A8FA33A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{03B8F32A-4DE4-404F-8180-CEBBBABFCD4C}D:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= UDP:D:\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
    "UDP Query User{826C2253-DC19-43CB-ADC9-5DCA39B66215}D:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= TCP:D:\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
    "TCP Query User{A1090B17-1F62-45DF-998E-7D79C535E038}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{F3620D73-30B5-41D3-8943-42A0456A57AD}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{DD231EC0-B9A6-47E1-93C1-618EA0CBA36F}"= UDP:D:\Program Files\GSC Game World\Cossacks II\Cossacks2.exe:Cossacks II
    "{7296672D-1721-4E5C-A1C7-98D95A03D4CC}"= TCP:D:\Program Files\GSC Game World\Cossacks II\Cossacks2.exe:Cossacks II
    "{7A375E82-B00B-4901-9598-D5CFB6423491}"= UDP:D:\Program Files\Hamachi\hamachi.exe:Hamachi
    "{40D5080F-AF20-4970-AE6A-0F4B68A432D0}"= TCP:D:\Program Files\Hamachi\hamachi.exe:Hamachi
    "TCP Query User{A7355058-0E86-493A-9140-D8B97A29C7ED}D:\\program files\\cossacks - back to war\\dmcr.exe"= UDP:D:\program files\cossacks - back to war\dmcr.exe:Dmcr
    "UDP Query User{21B7D01C-774F-4F1B-91DC-F985A6DB6399}D:\\program files\\cossacks - back to war\\dmcr.exe"= TCP:D:\program files\cossacks - back to war\dmcr.exe:Dmcr
    "{6753A723-E1DB-4389-9498-7EA54EAEAF1E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{CD332D3F-868B-4C29-98AD-2CC129E13AEA}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{EC05753D-63DB-49E0-8AFA-1B1EB8D3C4C1}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{622C8BEB-76C6-4B82-8110-AE349EAF0BE1}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{1C50F353-BFC6-4F62-A92B-FA922058BF53}D:\\program files\\bitcomet\\bitcomet.exe"= UDP:D:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{701449E3-555A-43E3-AE94-E6BC1EB6C294}D:\\program files\\bitcomet\\bitcomet.exe"= TCP:D:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-24 C:\Windows\Tasks\User_Feed_Synchronization-{D32AD5B0-C9B7-442E-9F41-92ABAC3D5EB4}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\Titi\AppData\Roaming\Mozilla\Firefox\Profiles\46l8o9yi.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 07:55:51
    Windows 6.0.6001 Service Pack 1 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-25 7:58:41
    ComboFix-quarantined-files.txt 2008-08-25 05:58:26

    Pre-Run: 14,923,460,608 bytes free
    Post-Run: 22,727,208,960 bytes free

    236 --- E O F --- 2008-08-21 21:09:46



    (PS: Thank you so much for your help; however, Avast and Spybot no longer start when my PC boots... So the Windows firewall is the only thing I have left running! Regards!!!!)
    25 August 2008 15:00:56

    I know, but Antivir won't work on my Vista...
    a b 8 Security
    25 August 2008 16:33:44

    How so?
    26 August 2008 08:36:20

    Ah, well, I don't understand anything anymore; I tried to reinstall it to show you how it fails, but I have nothing to show you...
    What next?
    a b 8 Security
    26 August 2008 17:49:57

    Did you run the scan?
    26 August 2008 19:56:34



    Avira AntiVir Personal
    Report file date: Tuesday, 26 August 2008 18:14

    Scanning for 1572484 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PC-DE-TITI

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 06:35:20
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 06:35:28
    ANTIVIR3.VDF : 7.0.6.69 51712 Bytes 26/08/2008 06:35:29
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 26/08/2008 06:35:47
    AESCN.DLL : 8.1.0.23 119156 Bytes 26/08/2008 06:35:46
    AERDL.DLL : 8.1.0.20 418165 Bytes 26/08/2008 06:35:45
    AEPACK.DLL : 8.1.2.1 364917 Bytes 26/08/2008 06:35:43
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 26/08/2008 06:35:42
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 26/08/2008 06:35:41
    AEHELP.DLL : 8.1.0.15 115063 Bytes 26/08/2008 06:35:39
    AEGEN.DLL : 8.1.0.36 315764 Bytes 26/08/2008 06:35:38
    AEEMU.DLL : 8.1.0.7 430452 Bytes 26/08/2008 06:35:36
    AECORE.DLL : 8.1.1.8 172406 Bytes 26/08/2008 06:35:33
    AEBB.DLL : 8.1.0.1 53617 Bytes 26/08/2008 06:35:30
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 8.0.0.2 98344 Bytes 26/08/2008 06:35:30
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Tuesday, 26 August 2008 18:14

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'BitComet.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
    Scan process 'ramaint.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    44 processes with 44 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '2' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'


    End of the scan: Tuesday, 26 August 2008 18:44
    Used time: 29:55 min

    The scan has been done completely.

    13936 Scanning directories
    170265 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    170265 Files not concerned
    1557 Archives were scanned
    2 Warnings
    0 Notes

    a b 8 Security
    27 August 2008 14:39:47

    Post another HijackThis report.
    27 August 2008 18:53:04

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:52:55, on 27/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\taskeng.exe
    D:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\MES PROGRAMMES\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

    --
    End of file - 5250 bytes
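The HijackThis logs in this thread show the three patterns a triager looks for first: the R0 start page rewritten to a non-Microsoft host (google.atcomet.com in the first log, lo.st in the second), O2 BHO entries whose DLL is gone (EoRezoBHO "(file missing)", the nameless "(no file)" entry), and an executable with a random-looking name (lphcv4oj0e34e.exe in the first process list). The script below is an added example, not code from the thread, from Trend Micro or from HijackThis; it runs those heuristics over a constructed sample built from lines quoted above. The default-host set and the random-name thresholds are assumptions, and the O4 line for lphcv4oj0e34e.exe is made up for the demo since the thread only shows that binary in the running-process list.

```python
"""Triage heuristics for a HijackThis v2 log.

Added example for this thread; not code from the thread, from Trend Micro
or from HijackThis.  Flags three patterns seen in the logs posted above:
an Internet Explorer start/search page that no longer points at
Microsoft's defaults, BHO entries whose DLL is gone, and Run entries
whose executable has a random-looking name (lphcv4oj0e34e.exe).
"""
import ntpath
import re
from urllib.parse import urlparse

# Assumption: hosts IE 7 uses for its stock start and search pages.
DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)")
RUN_RE = re.compile(r'\[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]*?\.(?:exe|dll|scr))', re.I)

# Constructed sample in the shape of the logs posted in this thread.  The
# O4 line for lphcv4oj0e34e.exe is invented for the demo.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKLM\..\Run: [lphcv4oj0e34e] C:\Windows\System32\lphcv4oj0e34e.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
"""


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: long stem, several digits,
    letters and digits interleaved (lphcv4oj0e34e yes; avgnt, rundll32 no).
    Thresholds are assumptions, tune them against your own baseline."""
    digits = sum(c.isdigit() for c in stem)
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return len(stem) >= 10 and digits >= 3 and flips >= 3


def triage(log_text: str) -> list[dict]:
    """Return one finding per suspicious line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            u = URL_RE.search(body)
            host = urlparse(u["url"]).hostname if u else None
            if host and host not in DEFAULT_HOSTS:
                findings.append({"code": code, "item": host,
                                 "reason": "IE start/search page rewritten"})
        elif code == "O2" and ("(file missing)" in body or "(no file)" in body):
            name = body.removeprefix("BHO: ").split(" - ")[0]
            findings.append({"code": code, "item": name,
                             "reason": "BHO registered but its DLL is gone"})
        elif code == "O4":
            r = RUN_RE.search(body)
            if r:
                stem = ntpath.splitext(ntpath.basename(r["path"]))[0]
                if looks_random(stem):
                    findings.append({"code": code, "item": r["path"],
                                     "reason": "Run entry with random-looking executable name"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4}{f['item']:<45}{f['reason']}")
```

The orphaned BHO entries are clean-up items rather than live code, but they are worth removing because a later installer can drop a DLL at the still-registered path. The random-name check is deliberately loose; run it against a known-clean machine before trusting its output.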
    a b 8 Security
    27 August 2008 18:54:26

    Still having problems?
    27 August 2008 19:43:32

    Blue desktop background, and it's sluggish...
    a b 8 Security
    27 August 2008 20:08:53

    Can you post a screenshot of your desktop?

    Download SmitfraudFix (by S!ri).
    Save it to your desktop.
    Run SmitfraudFix.exe (the .exe extension may not be shown).
    Choose Option 1 (Search)
    Post the first report here.

    **If the link does not work, click here**
    27 August 2008 20:26:39

    The desktop background: (screenshot not reproduced in the extracted page)

    And the report:

    SmitFraudFix v2.339

    Scan done at 20:25:17,85, 27/08/2008
    Run from C:\Windows\system32\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Titi


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Titi\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Titi\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    a b 8 Security
    28 August 2008 21:21:01

    Can't you change it now?
    29 August 2008 08:35:27

    Yes, it's fine; I restarted and it took effect...
    Thank you very much!!!
    Do you think there is nothing infected at all any more??
    a b 8 Security
    29 August 2008 12:16:20

    Yep, looks OK to me.
    30 August 2008 13:24:30

    Er, no...
    My background has disappeared, and I got a Windows blue screen; I had to wait for it to reboot 3 or 4 times before it worked, it kept rebooting....
    a b 8 Security
    30 August 2008 14:57:44

    We can take a deeper look if you want.

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet and close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If your antivirus raises an alert for gmer.sys or gmer.exe, let it run.

    Click the Rootkit tab.
    On the right, tick Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.
    30 August 2008 16:53:33

    Here it is; for information, all the boxes were ticked:

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-30 16:52:09
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.14 ----

    SSDT 8A908314 ZwCreateThread
    SSDT 8A908300 ZwOpenProcess
    SSDT 8A908305 ZwOpenThread
    SSDT 8A90830F ZwTerminateProcess
    SSDT 8A90830A ZwWriteVirtualMemory

    INT 0x52 ? 857E3BF8
    INT 0x72 ? 857E3BF8
    INT 0x92 ? 849D4BF8
    INT 0xA2 ? 849D4BF8
    INT 0xB3 ? 857E3BF8

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntoskrnl.exe!KeInsertQueue + 411 81C759C8 4 Bytes [ 14, 83, 90, 8A ]
    .text ntoskrnl.exe!KeInsertQueue + 5E1 81C75B98 4 Bytes [ 00, 83, 90, 8A ]
    .text ntoskrnl.exe!KeInsertQueue + 5FD 81C75BB4 4 Bytes [ 05, 83, 90, 8A ]
    .text ntoskrnl.exe!KeInsertQueue + 811 81C75DC8 4 Bytes [ 0F, 83, 90, 8A ]
    .text ntoskrnl.exe!KeInsertQueue + 871 81C75E28 4 Bytes [ 0A, 83, 90, 8A ]
    ? System32\Drivers\spcn.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload 8BC3046F 5 Bytes JMP 857E31D8

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtOpenProcess 76F58868 5 Bytes JMP 002F0010
    .text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtTerminateProcess 76F59128 5 Bytes JMP 00380010

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 849D32D8
    IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [87A63C4C] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [87A63CA0] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87A336D2] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87A33040] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87A337FC] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87A330BE] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87A3313C] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 849D42D8
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 857E32D8
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87A43048] \SystemRoot\System32\Drivers\spcn.sys
    IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 857142D8

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 849D91F8
    Device \Driver\volmgr \Device\VolMgrControl 849D61F8
    Device \Driver\usbuhci \Device\USBPDO-0 856841F8
    Device \Driver\usbuhci \Device\USBPDO-1 856841F8
    Device \Driver\usbuhci \Device\USBPDO-2 856841F8
    Device \Driver\usbehci \Device\USBPDO-3 8567D1F8
    Device \Driver\volmgr \Device\HarddiskVolume1 849D61F8
    Device \Driver\volmgr \Device\HarddiskVolume2 849D61F8
    Device \Driver\cdrom \Device\CdRom0 856901F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 849D81F8
    Device \Driver\atapi \Device\Ide\IdePort0 849D81F8
    Device \Driver\atapi \Device\Ide\IdePort1 849D81F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 849D81F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{86352F6B-5036-44FE-A872-6B93C2773082} 85E9E500
    Device \Driver\netbt \Device\NetBt_Wins_Export 85E9E500
    Device \Driver\Smb \Device\NetbiosSmb 85DD0500
    Device \Driver\iScsiPrt \Device\RaidPort0 8568E500
    Device \Driver\netbt \Device\NetBT_Tcpip_{986AC586-03BC-49B3-8843-E366D5BD3A65} 85E9E500
    Device \Driver\usbuhci \Device\USBFDO-0 856841F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227} 85E9E500
    Device \Driver\usbuhci \Device\USBFDO-1 856841F8
    Device \Driver\usbuhci \Device\USBFDO-2 856841F8
    Device \Driver\usbehci \Device\USBFDO-3 8567D1F8
    Device \FileSystem\cdfs \Cdfs 867D01F8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x31 0x12 0x08 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x31 0x12 0x08 ...

    ---- EOF - GMER 1.0.14 ----
    30 August 2008 17:07:44

    And one with Files and System:

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-30 17:05:50
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.14 ----

    SSDT 8A908314 ZwCreateThread
    SSDT 8A908300 ZwOpenProcess
    SSDT 8A908305 ZwOpenThread
    SSDT 8A90830F ZwTerminateProcess
    SSDT 8A90830A ZwWriteVirtualMemory

    INT 0x52 ? 857E3BF8
    INT 0x72 ? 857E3BF8
    INT 0x92 ? 849D4BF8
    INT 0xA2 ? 849D4BF8
    INT 0xB3 ? 857E3BF8

    ---- EOF - GMER 1.0.14 ----
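Reading the two GMER reports above comes down to three questions: are the five SSDT hooks the work of one driver (their targets 8A908300..8A908314 lie within 0x14 bytes of each other, and the hooked services are the set a product protecting its own processes typically takes), which module do the kernel IAT hooks resolve to (eight of the twelve point at \SystemRoot\System32\Drivers\spcn.sys), and can GMER open that module on disk (the "?" line says it cannot). The script below is an added example, not GMER's code and not a complete parser of its output format; it works on a constructed sample made from the hook lines posted above, and the "self-protection" service set and the one-page address window are labelled assumptions. The same report lists sptd configuration keys; whether spcn.sys belongs to that disk-emulation driver is something to verify on the machine itself, the script only correlates what the report says.

```python
"""Summarise the hook sections of a GMER rootkit-scan report.

Added example for this thread; not GMER's code, and it only handles the
line shapes quoted in the reports above.  It extracts which SSDT entries
are hooked and whether their targets are close enough to come from one
driver, which module the kernel IAT hooks resolve to, and which hooking
module GMER could not open on disk.
"""
import re
from collections import Counter

SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\w+)$")
IAT_RE = re.compile(r"^IAT\s+(?P<image>[^\[\s]+)\[(?P<imp>[^\]]+)\]\s+"
                    r"\[?(?P<addr>[0-9A-F]{8})\]?(?:\s+(?P<target>\S+))?$")
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)")

# Assumption (heuristic): the services an antivirus self-protection driver
# typically hooks so its processes cannot be opened, written to or killed.
SELF_PROTECT = {"ZwOpenProcess", "ZwOpenThread", "ZwTerminateProcess",
                "ZwWriteVirtualMemory", "ZwCreateThread"}

# Constructed sample: the hook lines from the GMER report posted above.
SAMPLE_REPORT = r"""
SSDT 8A908314 ZwCreateThread
SSDT 8A908300 ZwOpenProcess
SSDT 8A908305 ZwOpenThread
SSDT 8A90830F ZwTerminateProcess
SSDT 8A90830A ZwWriteVirtualMemory
? System32\Drivers\spcn.sys The system cannot find the file specified. !
IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 849D32D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [87A63C4C] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [87A63CA0] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87A336D2] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87A33040] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87A337FC] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87A330BE] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87A3313C] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 849D42D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 857E32D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87A43048] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 857142D8
"""


def summarize(report: str) -> dict:
    """Group the hooks in a GMER report by what they point at."""
    ssdt, iat_targets, unresolved, missing = [], Counter(), 0, []
    for line in report.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            ssdt.append((int(m["addr"], 16), m["func"]))
        elif m := IAT_RE.match(line):
            if m["target"]:
                iat_targets[m["target"].rsplit("\\", 1)[-1].lower()] += 1
            else:
                unresolved += 1  # GMER printed an address but no owning module
        elif m := MISSING_RE.match(line):
            missing.append(m["path"])
    addrs = sorted(a for a, _ in ssdt)
    funcs = {f for _, f in ssdt}
    return {
        "ssdt_hooks": [f for _, f in sorted(ssdt)],
        # Assumption: targets within one 4 KiB page belong to one module.
        "ssdt_single_module": bool(addrs) and addrs[-1] - addrs[0] < 0x1000,
        "ssdt_self_protect_pattern": SELF_PROTECT <= funcs,
        "iat_targets": dict(iat_targets),
        "iat_unresolved": unresolved,
        "missing_on_disk": missing,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key:<28}{value}")
```

The useful output here is the combination: a single module hooking exactly the self-protection set is normal on a machine with an antivirus guard, whereas IAT hooks on atapi.sys and pci.sys that resolve to a driver the scanner cannot read from disk deserve a second look, even when the thread's conclusion (a hardware fault behind the BSoDs) turns out to be the right one.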
    a b 8 Security
    30 August 2008 17:36:45

    I'm thinking more of a hardware problem.
    30 August 2008 20:28:14

    Ah, so what do I do then... Lol
    Just so you know, my problem comes from a piece of software downloaded from the net that I uninstalled right afterwards!!
    a b 8 Security
    30 August 2008 20:44:07

    Well, you should ask in the Hardware section.
    30 August 2008 20:47:09

    And what do I say?
    a b 8 Security
    30 August 2008 20:52:20

    Well, that you're getting BSoDs.
    30 August 2008 21:40:05

    OK...