Your question

No internet connection, ComboFix report

Tags:
  • Connection
  • Security
Last reply: in Security and viruses
6 June 2008 01:52:57

Good evening,
For 4 or 5 days I've been getting IE windows that open and tell me I'm infected, etc. 3 or 4 days ago I started being unable to reach certain sites, while others worked perfectly. And for two days now I've had no internet access at all.

With HijackThis I detected an MsServer that was causing problems, but I couldn't get rid of it. I've just run ComboFix; I no longer have that MsServer but still no internet. Also, since posting your log is strongly recommended, here it is.

Thanks in advance for your help, it's getting really annoying.

ComboFix 08-06-05.3 - John 2008-06-06 1:34:43.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1343 [GMT 2:00]
Location: F:\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\abefksgx.dll
C:\Windows\system32\acIhRXyb.ini
C:\Windows\System32\acIhRXyb.ini2
C:\Windows\system32\bssuvnwp.dll
C:\Windows\System32\cunnhegu.ini
C:\Windows\system32\dlfgsosd.dll
C:\Windows\system32\dscsuqcu.dll
C:\Windows\system32\hcibomio.ini
C:\Windows\system32\heshmtig.exe
C:\Windows\system32\ihxkmbeb.dll
C:\Windows\system32\jkwntfvl.dll
C:\Windows\system32\kaiuxeke.dll
C:\Windows\System32\kmoYFNnn.ini
C:\Windows\System32\kmoYFNnn.ini2
C:\Windows\System32\lnsgsxcu.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\moemfxsj.dll
C:\Windows\System32\MprYbccf.ini
C:\Windows\System32\MprYbccf.ini2
C:\Windows\system32\nmefedyl.exe
C:\Windows\system32\pvmvqpxw.dll
C:\Windows\System32\RBLlnUtv.ini
C:\Windows\System32\RBLlnUtv.ini2
C:\Windows\system32\roqtahdx.dll
C:\Windows\system32\ucxsgsnl.dll
C:\Windows\system32\ugehnnuc.dll
C:\Windows\system32\utloblal.dll
C:\Windows\system32\vgswhadu.dll
C:\Windows\system32\wvUmkhhf.dll
C:\Windows\system32\ymjnqqxj.exe
C:\Windows\system32\yueeeakv.ini

.
((((((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 19:34 . 2008-06-04 19:34 126,976 --a------ C:\Windows\System32\lcbwjxrb.dll
2008-06-02 21:15 . 2008-06-04 21:01 265 --a------ C:\Windows\wininit.ini
2008-06-02 21:06 . 2008-06-04 18:52 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-02 21:06 . 2008-06-04 18:52 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-02 21:06 . 2008-06-04 18:43 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-31 12:59 . 2008-05-31 12:59 <REP> d-------- C:\Program Files\Trend Micro
2008-05-30 21:00 . 2008-05-30 21:00 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-30 21:00 . 2008-05-30 21:00 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-30 20:58 . 2008-06-04 21:09 <REP> d-------- C:\Program Files\Bonjour
2008-05-30 20:53 . 2008-05-30 20:53 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-30 20:21 . 2008-05-30 20:21 <REP> d-------- C:\Users\All Users\Google
2008-05-30 20:21 . 2008-05-30 20:21 <REP> d-------- C:\Program Files\Google
2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\Program Files\QuickTime Alternative
2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\Program Files\Media Player Classic
2008-05-30 18:14 . 2005-10-17 20:58 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-30 18:14 . 2005-10-17 20:57 49,152 --a------ C:\Windows\System32\QuickTime.qts
2008-05-30 18:04 . 2008-05-30 18:05 <REP> d-------- C:\Program Files\Steinberg
2008-05-30 18:04 . 2005-10-17 09:35 704,512 --a------ C:\Windows\System32\SYNSOACC.dll
2008-05-30 18:04 . 1999-12-01 01:40 401,462 --a------ C:\Windows\System32\temp.001
2008-05-30 18:04 . 2004-05-10 15:58 147,456 --a------ C:\Windows\System32\SynsoLChk.dll
2008-05-30 18:04 . 2003-07-31 20:28 147,425 --a------ C:\Windows\System32\SYNSOACC-Aide.chm
2008-05-30 18:04 . 2003-05-26 15:29 120,468 --a------ C:\Windows\System32\SYNSOACC-Hilfe.chm
2008-05-30 18:04 . 2003-05-26 15:29 114,279 --a------ C:\Windows\System32\SYNSOACC-Help.chm
2008-05-30 18:04 . 2002-11-25 08:36 45,056 --a------ C:\Windows\System32\Synsopos.exe
2008-05-29 19:25 . 2008-05-30 20:58 <REP> d-------- C:\Users\All Users\Adobe
2008-05-29 19:25 . 2008-05-30 20:58 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-29 17:32 . 2008-05-29 17:32 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-05-28 18:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 18:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 19:23 . 2008-05-27 19:23 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-05-27 17:54 . 2008-05-29 00:44 <REP> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-05-27 17:47 . 2008-05-27 17:47 <REP> d-------- C:\Program Files\Drum Machine
2008-05-27 17:46 . 2008-05-27 17:46 <REP> d-------- C:\Program Files\XBox 360 Controller for Windows Software
2008-05-26 20:24 . 2008-05-26 20:24 <REP> d-------- C:\Users\John\AppData\Roaming\Steinberg
2008-05-26 20:19 . 2008-05-30 18:04 <REP> d-------- C:\Program Files\Syncrosoft
2008-05-26 20:19 . 1999-12-01 01:40 401,462 --a------ C:\Windows\System32\temp.000
2008-05-26 20:19 . 2005-05-09 20:08 33,792 --a------ C:\Windows\System32\drivers\cledx.sys
2008-05-26 20:19 . 2002-11-25 05:46 16,896 --a------ C:\Windows\System32\drivers\synasUSB.sys
2008-05-25 19:44 . 2008-05-25 21:35 <REP> d-------- C:\Program Files\GUILD WARS
2008-05-17 22:14 . 2008-05-17 22:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-17 18:18 . 2008-05-17 18:18 <REP> d-------- C:\Windows\nvidia icons
2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Windows\Sun
2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Users\John\AppData\Roaming\SystemRequirementsLab
2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-05-17 18:11 . 2008-05-17 18:11 <REP> d-------- C:\Program Files\Java
2008-05-17 18:11 . 2008-05-17 18:11 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-17 15:11 . 2008-05-17 15:11 <REP> d-------- C:\Users\John\AppData\Roaming\teamspeak2
2008-05-17 15:11 . 2008-05-17 15:11 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-05-17 15:11 . 2008-05-17 15:11 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-05-17 12:19 . 2008-05-17 12:19 <REP> d-------- C:\Program Files\Frameworkx
2008-05-16 22:57 . 2008-05-16 22:57 <REP> d-------- C:\Users\All Users\media center programs
2008-05-16 22:57 . 2008-05-16 22:57 <REP> d-------- C:\ProgramData\media center programs
2008-05-16 22:23 . 2008-05-16 22:23 <REP> d-------- C:\Program Files\Funcom
2008-05-15 23:14 . 2008-05-15 23:14 <REP> d-------- C:\Users\All Users\Funcom
2008-05-15 23:14 . 2008-05-15 23:14 <REP> d-------- C:\ProgramData\Funcom
2008-05-15 19:13 . 2008-05-15 19:13 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-13 20:37 . 2007-05-22 16:39 29,184 --a------ C:\Windows\System32\drivers\iteatapi.sys
2008-05-12 22:33 . 2008-05-12 22:33 <REP> d-------- C:\Program Files\Memtest
2008-05-12 21:55 . 2008-05-12 21:55 <REP> d-------- C:\Program Files\Intel Corporation
2008-05-12 20:36 . 2008-05-22 18:51 148,637,949 --a------ C:\Windows\MEMORY.DMP
2008-05-12 20:10 . 2008-05-12 20:40 <REP> d-------- C:\Program Files\OCCT
2008-05-12 20:06 . 2008-05-16 20:00 <REP> d-------- C:\Program Files\CPU-Z
2008-05-12 19:44 . 2008-05-12 19:44 <REP> d-------- C:\Program Files\Ant Renamer
2008-05-12 01:26 . 2008-05-12 01:26 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-11 23:37 . 2008-05-11 23:37 <REP> d-------- C:\PerfLogs
2008-05-11 23:29 . 2008-05-11 23:16 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-11 23:29 . 2008-05-11 23:16 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-11 23:21 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-11 23:21 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-11 23:21 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-11 23:21 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-11 23:21 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-11 23:18 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-05-11 23:17 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-11 23:16 . 2008-05-11 23:30 196,608 --a------ C:\Windows\SPInstall.etl
2008-05-11 22:53 . 2008-05-11 22:53 <REP> d-------- C:\Users\John\AppData\Roaming\dvdcss
2008-05-11 22:24 . 2008-05-11 22:24 <REP> d-------- C:\Users\John\AppData\Roaming\vlc
2008-05-11 21:44 . 2008-06-06 01:34 69 --a------ C:\Windows\NeroDigital.ini
2008-05-11 19:09 . 2008-06-06 01:37 <REP> d-------- C:\Program Files\SpeedFan
2008-05-11 19:09 . 2008-05-11 19:09 45 --a------ C:\Windows\System32\initdebug.nfo
2008-05-11 18:22 . 2008-05-11 18:22 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-05-11 18:19 . 2008-05-11 18:19 <REP> d-------- C:\Program Files\PowerISO
2008-05-11 17:38 . 2008-05-11 17:38 <REP> d-------- C:\Program Files\VideoLAN
2008-05-11 17:35 . 2008-06-04 20:39 <REP> d-------- C:\Users\John\AppData\Roaming\Azureus
2008-05-11 17:35 . 2008-05-11 17:35 <REP> d-------- C:\Users\All Users\Azureus
2008-05-11 17:35 . 2008-05-11 17:35 <REP> d-------- C:\ProgramData\Azureus
2008-05-11 15:20 . 2008-05-11 15:22 <REP> d-------- C:\Users\John\AppData\Roaming\App Launcher Gadget
2008-05-11 15:00 . 2008-05-11 15:00 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-11 15:00 . 2008-05-11 15:00 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-11 14:59 . 2008-05-11 14:59 <REP> d-------- C:\Windows\System32\Futuremark
2008-05-11 14:59 . 2007-08-20 10:05 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2008-05-11 14:59 . 2007-09-07 14:55 12,744 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-05-11 14:59 . 2007-09-07 14:55 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-05-11 14:59 . 2001-11-19 20:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-05-11 14:58 . 2008-05-11 14:58 <REP> d-------- C:\Program Files\Futuremark
2008-05-10 21:51 . 2008-05-10 21:51 <REP> d-------- C:\Program Files\Azureus
2008-05-10 21:46 . 2008-05-10 21:46 <REP> d-------- C:\Program Files\Python25
2008-05-10 21:44 . 2008-05-10 21:44 <REP> d-------- C:\Program Files\Blender
2008-05-10 19:09 . 2008-05-10 19:09 <REP> d-------- C:\Users\All Users\Ahead
2008-05-10 19:09 . 2008-05-10 19:09 <REP> d-------- C:\ProgramData\Ahead
2008-05-10 19:08 . 2008-05-10 19:08 <REP> d-------- C:\Users\All Users\Nero
2008-05-10 19:08 . 2008-05-10 19:08 <REP> d-------- C:\ProgramData\Nero
2008-05-10 19:08 . 2008-05-10 19:08 <REP> d-------- C:\Program Files\Nero
2008-05-10 19:08 . 2008-05-10 19:09 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-05-10 19:07 . 2008-05-30 20:59 <REP> d--hs---- C:\Windows\Installer
2008-05-10 18:09 . 2008-05-10 18:09 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-05-10 18:01 . 2008-05-10 18:01 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-05-10 17:58 . 2008-05-10 17:58 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-05-10 17:58 . 2008-05-10 17:58 826,880 --a------ C:\Windows\System32\wininet.dll
2008-05-10 17:50 . 2008-06-02 20:51 <REP> d-------- C:\Users\All Users\TrackMania
2008-05-10 17:50 . 2008-06-02 20:51 <REP> d-------- C:\ProgramData\TrackMania
2008-05-10 17:50 . 2008-05-10 17:00 <REP> d-------- C:\Program Files\Intel
2008-05-10 17:50 . 2008-05-12 22:31 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 17:50 . 2008-05-10 17:50 <REP> d-------- C:\Program Files\GIGABYTE
2008-05-10 17:50 . 2008-05-10 17:50 <REP> d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 17:50 . 2008-05-10 17:50 <REP> d-------- C:\Intel
2008-05-10 17:50 . 2007-07-26 16:15 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-05-10 17:49 . 2007-06-21 08:34 203,328 -ra------ C:\Windows\GSetup.exe
2008-05-10 17:49 . 2008-06-05 18:19 16,608 --a------ C:\Windows\gdrv.sys
2008-05-10 17:49 . 2008-06-05 18:19 10 --a------ C:\Windows\GSetup.ini
2008-05-10 17:47 . 2008-05-10 17:47 <REP> dr------- C:\Users\John\Videos
2008-05-10 17:47 . 2008-05-10 18:29 <REP> dr------- C:\Users\John\Searches
2008-05-10 17:47 . 2008-05-10 17:47 <REP> dr------- C:\Users\John\Saved Games

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 17:47 --------- d-----w C:\Program Files\Windows Mail
2008-05-11 21:42 174 --sha-w C:\Program Files\desktop.ini
2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Journal
2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Defender
2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Calendar
2008-05-11 21:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-11 21:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-10 16:02 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-10 16:02 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-10 16:02 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-10 16:02 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-10 16:02 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-10 16:02 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-10 16:02 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-10 16:02 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-10 16:02 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-10 16:02 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-10 16:02 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Modèles
2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Favoris
2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Bureau
2008-05-10 15:45 --------- d-sh--w C:\Program Files\Fichiers communs
2008-05-10 14:57 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-10 14:57 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45A7644B-0870-4B91-9661-29E716DD0EAF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 08:50 4702208 C:\Windows\RtHDVCpl.exe]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"BM452a3872"="C:\Windows\system32\lcbwjxrb.dll" [2008-06-04 19:34 126976]

C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2008-04-22 09:59:28 3287552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 gupdate1c8c281fe543860;Google Update Service (gupdate1c8c281fe543860);"C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe" /svc /lang en []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 gdrv;gdrv;C:\Windows\gdrv.sys [2008-06-05 18:19]
S3 GEST Service;GEST Service for program management.;"C:\Program Files\GIGABYTE\GEST\GSvr.exe" [2007-12-14 11:46]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\Windows\system32\DRIVERS\xusb20.sys [2006-10-13 14:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d8a817-992f-11db-a2c9-806e6f6e6963}]
\shell\AutoRun\command - D:\Run.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 23:37:08 C:\Windows\Tasks\GoogleUpdateTask.job"
- C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 01:37:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\lcbwjxrb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-06-06 1:39:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 23:39:31

Pre-Run: 185,541,398,528 bytes free
Post-Run: 185,581,998,080 bytes free

288 --- E O F --- 2008-05-30 16:02:16


7 June 2008 14:21:45

Hello,

Open Spybot, click the Mode tab and choose Advanced Mode
Ignore the warning
At the bottom left, click Tools
Still in the left column, click Resident (not in the central window)
And untick the Resident "TeaTimer" option (you can tick it again once we're done)

********

Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all external devices (HDD, USB, ...)
  • Double-click Flash Disinfector and follow the prompts.

********

Select the whole frame below:

Collect::
C:\Windows\system32\lcbwjxrb.dll
D:\Run.exe

Driver::
gupdate1c8c281fe543860

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d8a817-992f-11db-a2c9-806e6f6e6963}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=-
"Adobe Reader Speed Launcher"=-
"BM452a3872"=-

  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.
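Added example (editor's code, not from either poster and not part of ComboFix): a small Python triage pass over the report fragments quoted above. It walks the report once, keeping track of the current `[key]` or `PROCESS:` context, and flags the four things the helper's fix targets: a Run entry whose target is an eight-lowercase-letter DLL in system32 (the `BM452a3872` entry pointing at `lcbwjxrb.dll`), that same DLL reported as loaded inside Explorer.exe, `\shell\AutoRun\command` handlers cached under MountPoints2 (the `F:\AUTORUN.EXE` and `D:\Run.exe` entries that Flash Disinfector is meant to neutralise), and `EnableLUA` / `EnableFirewall` set to 0. It then emits a CFScript in the `Collect::` / `Registry::` layout of the reply above. Assumptions of ours: the report excerpt is reconstructed from this thread, the eight-letter regex is a heuristic for Vundo-style random names rather than anything ComboFix defines, the script lists every AutoRun handler it finds (the helper only removed the `D:` one and left `F:` to Flash Disinfector), and it does not reproduce the helper's `Driver::` removal of the gupdate service.

```python
"""Triage of a ComboFix report for the indicators discussed in this thread.

Added example, not code from either poster or from ComboFix. The report
excerpt below is constructed from the log quoted above; the heuristics
(eight lowercase letters for a Vundo-style random DLL name, AutoRun handlers
under MountPoints2, EnableLUA / EnableFirewall set to 0) are assumptions
of ours, not rules ComboFix itself applies.
"""
import re

# Constructed excerpt of the report posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45A7644B-0870-4B91-9661-29E716DD0EAF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"BM452a3872"="C:\Windows\system32\lcbwjxrb.dll" [2008-06-04 19:34 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d8a817-992f-11db-a2c9-806e6f6e6963}]
\shell\AutoRun\command - D:\Run.exe

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\lcbwjxrb.dll
"""

RANDOM_DLL = re.compile(r"\\[a-z]{8}\.dll$")          # lcbwjxrb.dll, not NvCpl.dll
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')        # "name"="target" [date size]
AUTORUN = re.compile(r"^\\shell\\AutoRun\\command - (.+)$")
POLICY = re.compile(r'^"(EnableLUA|EnableFirewall)"=\s*(\d+)')


def triage(report):
    """Single pass over the report, tracking the current [key] / PROCESS: context.

    Returns a dict of findings; every entry carries the key or process it came
    from so the result can be turned into a CFScript or checked by hand.
    """
    found = {"run_dlls": [], "injected": [], "autorun": [], "hardening_off": []}
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):                 # new registry key: [HKEY_...]
            section = line.strip("[]")
            continue
        if line.startswith("PROCESS:"):          # "DLLs loaded under running processes" block
            section = line
            continue
        if not line or section is None:
            continue
        m = RUN_VALUE.match(line)
        if m and section.lower().endswith(r"\currentversion\run") and RANDOM_DLL.search(m.group(2)):
            # A DLL as a Run target is typically loaded through rundll32; a random
            # eight-letter name in system32 is the classic Vundo/Virtumonde shape.
            found["run_dlls"].append((section, m.group(1), m.group(2)))
            continue
        m = AUTORUN.match(line)
        if m and "mountpoints2" in section.lower():
            # AutoRun handler cached per drive: the autorun.inf infection vector.
            found["autorun"].append((section, m.group(1)))
            continue
        m = POLICY.match(line)
        if m and m.group(2) == "0":              # UAC or a firewall profile switched off
            found["hardening_off"].append((section, m.group(1)))
            continue
        if section.startswith("PROCESS:") and line.startswith("-> "):
            found["injected"].append((section[len("PROCESS:"):].strip(), line[3:]))
    return found


def build_cfscript(found):
    """Emit a CFScript in the Collect:: / Registry:: layout used in the reply above."""
    collect = {target for _, _, target in found["run_dlls"]}
    collect |= {dll for _, dll in found["injected"]}
    collect |= {target for _, target in found["autorun"]}
    lines = ["Collect::", *sorted(collect), "", "Registry::"]
    for key, _ in found["autorun"]:
        lines.append(f"[-{key}]")               # leading '-' deletes the whole key
    by_key = {}
    for key, name, _ in found["run_dlls"]:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)   # "name"=- removes one value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for kind, items in findings.items():
        for item in items:
            print(f"{kind:14} {item}")
    print()
    print(build_cfscript(findings))
```

Run it as a plain script to see the findings and the generated CFScript. The output is a starting point, not something to feed to ComboFix blindly: every path under `Collect::` will be acted on, so a human still decides whether a flagged file is really malicious, and the `hardening_off` findings (UAC and the public firewall profile disabled) have to be fixed by hand afterwards, since a CFScript does not switch them back on.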
7 June 2008 16:22:39

Done, here's the log:

    ComboFix 08-06-05.3 - John 2008-06-07 15:55:10.1 - NTFSx86
    Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1387 [GMT 2:00]
    Location: C:\Users\John\Desktop\ComboFix.exe
    Command switches used :: C:\Users\John\Desktop\CFScript.txt
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\iifgDUml.dll
    C:\Windows\System32\RBLlnUtv.ini
    C:\Windows\System32\RBLlnUtv.ini2
    C:\Windows\system32\vtUnlLBR.dll
    C:\Windows\system32\wvUmkhhf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gupdate1c8c281fe543860


    ((((((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-07 12:18 . 2008-06-07 12:18 <REP> d-------- C:\VundoFix Backups
    2008-06-02 21:06 . 2008-06-06 17:50 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-02 21:06 . 2008-06-06 17:50 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-31 12:59 . 2008-05-31 12:59 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-30 21:00 . 2008-06-07 12:43 <REP> d-------- C:\Users\All Users\FLEXnet
    2008-05-30 21:00 . 2008-06-07 12:43 <REP> d-------- C:\ProgramData\FLEXnet
    2008-05-30 20:58 . 2008-06-07 12:43 <REP> d-------- C:\Program Files\Bonjour
    2008-05-30 20:53 . 2008-05-30 20:53 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-30 20:21 . 2008-05-30 20:21 <REP> d-------- C:\Users\All Users\Google
    2008-05-30 20:21 . 2008-05-30 20:21 <REP> d-------- C:\Program Files\Google
    2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\ProgramData\Apple Computer
    2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\Program Files\QuickTime Alternative
    2008-05-30 18:14 . 2008-05-30 18:14 <REP> d-------- C:\Program Files\Media Player Classic
    2008-05-30 18:14 . 2005-10-17 20:58 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-05-30 18:14 . 2005-10-17 20:57 49,152 --a------ C:\Windows\System32\QuickTime.qts
    2008-05-30 18:04 . 2008-05-30 18:05 <REP> d-------- C:\Program Files\Steinberg
    2008-05-30 18:04 . 2005-10-17 09:35 704,512 --a------ C:\Windows\System32\SYNSOACC.dll
    2008-05-30 18:04 . 1999-12-01 01:40 401,462 --a------ C:\Windows\System32\temp.001
    2008-05-30 18:04 . 2004-05-10 15:58 147,456 --a------ C:\Windows\System32\SynsoLChk.dll
    2008-05-30 18:04 . 2003-07-31 20:28 147,425 --a------ C:\Windows\System32\SYNSOACC-Aide.chm
    2008-05-30 18:04 . 2003-05-26 15:29 120,468 --a------ C:\Windows\System32\SYNSOACC-Hilfe.chm
    2008-05-30 18:04 . 2003-05-26 15:29 114,279 --a------ C:\Windows\System32\SYNSOACC-Help.chm
    2008-05-30 18:04 . 2002-11-25 08:36 45,056 --a------ C:\Windows\System32\Synsopos.exe
    2008-05-29 19:25 . 2008-05-30 20:58 <REP> d-------- C:\Users\All Users\Adobe
    2008-05-29 19:25 . 2008-05-30 20:58 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-05-29 17:32 . 2008-05-29 17:32 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2008-05-28 18:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 18:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-27 19:23 . 2008-05-27 19:23 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb20_01001.Wdf
    2008-05-27 17:54 . 2008-05-29 00:44 <REP> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
    2008-05-27 17:47 . 2008-05-27 17:47 <REP> d-------- C:\Program Files\Drum Machine
    2008-05-27 17:46 . 2008-05-27 17:46 <REP> d-------- C:\Program Files\XBox 360 Controller for Windows Software
    2008-05-26 20:24 . 2008-05-26 20:24 <REP> d-------- C:\Users\John\AppData\Roaming\Steinberg
    2008-05-26 20:19 . 2008-05-30 18:04 <REP> d-------- C:\Program Files\Syncrosoft
    2008-05-26 20:19 . 1999-12-01 01:40 401,462 --a------ C:\Windows\System32\temp.000
    2008-05-26 20:19 . 2005-05-09 20:08 33,792 --a------ C:\Windows\System32\drivers\cledx.sys
    2008-05-26 20:19 . 2002-11-25 05:46 16,896 --a------ C:\Windows\System32\drivers\synasUSB.sys
    2008-05-25 19:44 . 2008-05-25 21:35 <REP> d-------- C:\Program Files\GUILD WARS
    2008-05-17 22:14 . 2008-05-17 22:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-17 18:18 . 2008-05-17 18:18 <REP> d-------- C:\Windows\nvidia icons
    2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Windows\Sun
    2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Users\John\AppData\Roaming\SystemRequirementsLab
    2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-05-17 18:11 . 2008-05-17 18:11 <REP> d-------- C:\Program Files\Java
    2008-05-17 18:11 . 2008-05-17 18:11 <REP> d-------- C:\Program Files\Common Files\Java
    2008-05-17 15:11 . 2008-06-07 12:43 <REP> d-------- C:\Users\John\AppData\Roaming\teamspeak2
    2008-05-17 15:11 . 2008-05-17 15:11 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-05-17 15:11 . 2008-05-17 15:11 34,064 --a------ C:\Windows\System32\lhacm.acm
    2008-05-17 12:19 . 2008-05-17 12:19 <REP> d-------- C:\Program Files\Frameworkx
    2008-05-16 22:57 . 2008-05-16 22:57 <REP> d-------- C:\Users\All Users\media center programs
    2008-05-16 22:57 . 2008-05-16 22:57 <REP> d-------- C:\ProgramData\media center programs
    2008-05-16 22:23 . 2008-05-16 22:23 <REP> d-------- C:\Program Files\Funcom
    2008-05-15 23:14 . 2008-05-15 23:14 <REP> d-------- C:\Users\All Users\Funcom
    2008-05-15 23:14 . 2008-05-15 23:14 <REP> d-------- C:\ProgramData\Funcom
    2008-05-15 19:13 . 2008-06-07 12:43 <REP> d-------- C:\Program Files\RivaTuner v2.09
    2008-05-13 20:37 . 2007-05-22 16:39 29,184 --a------ C:\Windows\System32\drivers\iteatapi.sys
    2008-05-12 22:33 . 2008-05-12 22:33 <REP> d-------- C:\Program Files\Memtest
    2008-05-12 21:55 . 2008-05-12 21:55 <REP> d-------- C:\Program Files\Intel Corporation
    2008-05-12 20:36 . 2008-05-22 18:51 148,637,949 --a------ C:\Windows\MEMORY.DMP
    2008-05-12 20:10 . 2008-05-12 20:40 <REP> d-------- C:\Program Files\OCCT
    2008-05-12 20:06 . 2008-05-16 20:00 <REP> d-------- C:\Program Files\CPU-Z
    2008-05-12 19:44 . 2008-05-12 19:44 <REP> d-------- C:\Program Files\Ant Renamer
    2008-05-12 01:26 . 2008-05-12 01:26 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-05-11 23:37 . 2008-05-11 23:37 <REP> d-------- C:\PerfLogs
    2008-05-11 23:29 . 2008-05-11 23:16 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-05-11 23:29 . 2008-05-11 23:16 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-05-11 23:21 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-11 23:21 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-05-11 23:21 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-05-11 23:21 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-05-11 23:21 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-05-11 23:18 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-05-11 23:17 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-05-11 23:16 . 2008-05-11 23:30 196,608 --a------ C:\Windows\SPInstall.etl
    2008-05-11 22:53 . 2008-05-11 22:53 <REP> d-------- C:\Users\John\AppData\Roaming\dvdcss
    2008-05-11 22:24 . 2008-05-11 22:24 <REP> d-------- C:\Users\John\AppData\Roaming\vlc
    2008-05-11 21:44 . 2008-05-30 18:13 69 --a------ C:\Windows\NeroDigital.ini
    2008-05-11 19:09 . 2008-06-07 16:00 <REP> d-------- C:\Program Files\SpeedFan
    2008-05-11 19:09 . 2008-05-11 19:09 45 --a------ C:\Windows\System32\initdebug.nfo
    2008-05-11 18:22 . 2008-05-11 18:22 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-05-11 18:19 . 2008-05-11 18:19 <REP> d-------- C:\Program Files\PowerISO
    2008-05-11 17:38 . 2008-05-11 17:38 <REP> d-------- C:\Program Files\VideoLAN
    2008-05-11 17:35 . 2008-06-07 12:43 <REP> d-------- C:\Users\John\AppData\Roaming\Azureus
    2008-05-11 17:35 . 2008-05-11 17:35 <REP> d-------- C:\Users\All Users\Azureus
    2008-05-11 17:35 . 2008-05-11 17:35 <REP> d-------- C:\ProgramData\Azureus
    2008-05-11 15:20 . 2008-05-11 15:22 <REP> d-------- C:\Users\John\AppData\Roaming\App Launcher Gadget
    2008-05-11 15:00 . 2008-05-11 15:00 262,144 --a------ C:\Windows\System32\wrap_oal.dll
    2008-05-11 15:00 . 2008-05-11 15:00 86,016 --a------ C:\Windows\System32\OpenAL32.dll
    2008-05-11 14:59 . 2008-05-11 14:59 <REP> d-------- C:\Windows\System32\Futuremark
    2008-05-11 14:59 . 2007-08-20 10:05 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
    2008-05-11 14:59 . 2007-09-07 14:55 12,744 --a------ C:\Windows\System32\drivers\Entech64.sys
    2008-05-11 14:59 . 2007-09-07 14:55 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
    2008-05-11 14:59 . 2001-11-19 20:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
    2008-05-11 14:58 . 2008-05-11 14:58 <REP> d-------- C:\Program Files\Futuremark
    2008-05-10 21:51 . 2008-05-10 21:51 <REP> d-------- C:\Program Files\Azureus
    2008-05-10 21:46 . 2008-05-10 21:46 <REP> d-------- C:\Program Files\Python25
    2008-05-10 21:44 . 2008-05-10 21:44 <REP> d-------- C:\Program Files\Blender
    2008-05-10 19:09 . 2008-05-10 19:09 <REP> d-------- C:\Users\All Users\Ahead
    2008-05-10 19:09 . 2008-05-10 19:09 <REP> d-------- C:\ProgramData\Ahead
    2008-05-10 19:08 . 2008-05-10 19:08 <REP> d-------- C:\Users\All Users\Nero
    2008-05-10 19:08 . 2008-05-10 19:08 <REP> d-------- C:\ProgramData\Nero
    2008-05-10 19:08 . 2008-05-10 19:08 <REP> d-------- C:\Program Files\Nero
    2008-05-10 19:08 . 2008-05-10 19:09 <REP> d-------- C:\Program Files\Common Files\Ahead
    2008-05-10 19:07 . 2008-05-30 20:59 <REP> d--hs---- C:\Windows\Installer
    2008-05-10 18:09 . 2008-05-10 18:09 1,820 --a------ C:\Windows\System32\rasctrnm.h
    2008-05-10 18:01 . 2008-05-10 18:01 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-05-10 17:58 . 2008-05-10 17:58 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-05-10 17:58 . 2008-05-10 17:58 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-05-10 17:50 . 2008-06-02 20:51 <REP> d-------- C:\Users\All Users\TrackMania
    2008-05-10 17:50 . 2008-06-02 20:51 <REP> d-------- C:\ProgramData\TrackMania
    2008-05-10 17:50 . 2008-05-10 17:00 <REP> d-------- C:\Program Files\Intel
    2008-05-10 17:50 . 2008-05-12 22:31 <REP> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-10 17:50 . 2008-05-10 17:50 <REP> d-------- C:\Program Files\GIGABYTE
    2008-05-10 17:50 . 2008-05-10 17:50 <REP> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-10 17:50 . 2008-05-10 17:50 <REP> d-------- C:\Intel
    2008-05-10 17:50 . 2007-07-26 16:15 53,248 --a------ C:\Windows\System32\CSVer.dll
    2008-05-10 17:49 . 2007-06-21 08:34 203,328 -ra------ C:\Windows\GSetup.exe
    2008-05-10 17:49 . 2008-05-12 20:30 16,608 --a------ C:\Windows\gdrv.sys
    2008-05-10 17:49 . 2008-05-10 16:59 10 --a------ C:\Windows\GSetup.ini
    2008-05-10 17:47 . 2008-05-10 17:47 <REP> dr------- C:\Users\John\Videos
    2008-05-10 17:47 . 2008-05-10 18:29 <REP> dr------- C:\Users\John\Searches
    2008-05-10 17:47 . 2008-05-10 17:47 <REP> dr------- C:\Users\John\Saved Games
    2008-05-10 17:47 . 2008-05-10 17:47 <REP> dr------- C:\Users\John\Pictures
    2008-05-10 17:47 . 2008-05-10 17:47 <REP> dr------- C:\Users\John\Music

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-14 17:47 --------- d-----w C:\Program Files\Windows Mail
    2008-05-11 21:42 174 --sha-w C:\Program Files\desktop.ini
    2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Journal
    2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Defender
    2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-11 21:38 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Modèles
    2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Favoris
    2008-05-10 15:45 --------- d-sh--w C:\ProgramData\Bureau
    2008-05-10 15:45 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-05-10 14:57 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-05-10 14:57 315,392 ----a-w C:\Windows\HideWin.exe
    2008-05-03 03:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
    2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F286500C-177A-4316-9E88-9814FBB1DC3D}]
    2008-05-30 20:21 156144 --a----t- C:\Program Files\Google\Update\1.1.27.3\GoopdateBho.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 08:50 4702208 C:\Windows\RtHDVCpl.exe]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]

    C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2008-04-22 09:59:28 3287552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    S3 gdrv;gdrv;C:\Windows\gdrv.sys [2008-05-12 20:30]
    S3 GEST Service;GEST Service for program management.;"C:\Program Files\GIGABYTE\GEST\GSvr.exe" [2007-12-14 11:46]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\Windows\system32\DRIVERS\xusb20.sys [2006-10-13 14:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\AUTORUN.EXE

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-07 14:00:54 C:\Windows\Tasks\GoogleUpdateTask.job"
    - C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-07 16:01:00
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\nvvsvc.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-07 16:03:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-07 14:03:03
    ComboFix2.txt 2008-06-05 23:39:46

    Pre-Run: 186,615,115,776 octets libres
    Post-Run: 186,306,605,056 octets libres

    241 --- E O F --- 2008-05-30 16:02:16
    7 June 2008 18:38:16

    Re,

    Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

    Note: the report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    7 June 2008 18:44:18

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:42:01, on 07/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Update Class - {F286500C-177A-4316-9E88-9814FBB1DC3D} - C:\Program Files\Google\Update\1.1.27.3\GoopdateBho.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 4647 bytes
    7 June 2008 18:54:53

    Re,

    No antivirus?

    Download Clean (from Malekal) to your Desktop.

  • Unzip it to your Desktop. Double-click the Clean folder that has just appeared.
  • Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
  • A menu will appear; choose option 1, then Enter. Then press a key as prompted.
  • Post the report found here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    Help: How to use Clean.
    7 June 2008 19:30:41

    I uploaded the zip. Here is the report:

    07/06/2008 a 19:24:10,29

    *** Recherche C:
    C:\autorun.inf FOUND

    *** Recherche C:\Windows\

    *** Recherche C:\Windows\system32
    C:\Windows\system32\wininit.exe FOUND
    C:\Windows\system32\wininit.exe FOUND

    *** Recherche C:\Program Files
    *** End of the report !
    8 June 2008 18:02:50

    Re,

    We're going to install an antivirus.

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it leaving only the following options ticked:
    - Add a shortcut on the Desktop
    - Automatically check for CCleaner updates
  • Run the Cleaner
  • Click "Scan for issues" and back up if you wish.

    Help: How to use CCleaner.

    ***************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection tick everything (your hard disk partitions).
  • Click the middle magnifier to launch the scan as Administrator.
  • Post the generated report: to do so, click the Overview tab, then choose Reports; you will find its report there.

    Note: for more effective eradication of threats, run the scan in safe mode.

    Why switch? Avast vs AntiVir.

    Help: How to install and use AntiVir.
    8 June 2008 20:39:07

    Avira AntiVir Personal
    Report file date: dimanche 8 juin 2008 20:31

    Scanning for 1313263 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Normally booted
    Username: John
    Computer name: PC-DE-JOHN

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 18:30:13
    ANTIVIR3.VDF : 7.0.4.156 144896 Bytes 06/06/2008 18:30:14
    Engineversion : 8.1.0.55
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.40 266618 Bytes 08/06/2008 18:30:19
    AESCN.DLL : 8.1.0.21 119156 Bytes 08/06/2008 18:30:19
    AERDL.DLL : 8.1.0.20 418165 Bytes 08/06/2008 18:30:18
    AEPACK.DLL : 8.1.1.5 364918 Bytes 08/06/2008 18:30:18
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 08/06/2008 18:30:17
    AEHEUR.DLL : 8.1.0.30 1253750 Bytes 08/06/2008 18:30:17
    AEHELP.DLL : 8.1.0.15 115063 Bytes 08/06/2008 18:30:16
    AEGEN.DLL : 8.1.0.28 307572 Bytes 08/06/2008 18:30:15
    AEEMU.DLL : 8.1.0.6 430451 Bytes 08/06/2008 18:30:15
    AECORE.DLL : 8.1.0.31 168310 Bytes 08/06/2008 18:30:14
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: dimanche 8 juin 2008 20:31

    Starting search for hidden objects.
    '359637' objects were checked, '0' hidden objects were found.


    End of the scan: dimanche 8 juin 2008 20:34
    Used time: 03:25 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    359637 Objects were scanned with rootkit scan
    0 Hidden objects were found

    8 June 2008 20:55:32

    You didn't scan anything!
    8 June 2008 21:20:04

    Yes indeed, a slip on my part, sorry!

    Avira AntiVir Personal
    Report file date: dimanche 8 juin 2008 21:00

    Scanning for 1313263 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Normally booted
    Username: John
    Computer name: PC-DE-JOHN

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 18:30:13
    ANTIVIR3.VDF : 7.0.4.156 144896 Bytes 06/06/2008 18:30:14
    Engineversion : 8.1.0.55
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.40 266618 Bytes 08/06/2008 18:30:19
    AESCN.DLL : 8.1.0.21 119156 Bytes 08/06/2008 18:30:19
    AERDL.DLL : 8.1.0.20 418165 Bytes 08/06/2008 18:30:18
    AEPACK.DLL : 8.1.1.5 364918 Bytes 08/06/2008 18:30:18
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 08/06/2008 18:30:17
    AEHEUR.DLL : 8.1.0.30 1253750 Bytes 08/06/2008 18:30:17
    AEHELP.DLL : 8.1.0.15 115063 Bytes 08/06/2008 18:30:16
    AEGEN.DLL : 8.1.0.28 307572 Bytes 08/06/2008 18:30:15
    AEEMU.DLL : 8.1.0.6 430451 Bytes 08/06/2008 18:30:15
    AECORE.DLL : 8.1.0.31 168310 Bytes 08/06/2008 18:30:14
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 8 juin 2008 21:00

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'vlc.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
    Scan process 'Azureus.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'speedfan.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'cledx.exe' - '1' Module(s) have been scanned
    Scan process 'XBoxStat.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
    Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    55 processes with 55 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '12' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'E:\' <Documents>


    End of the scan: dimanche 8 juin 2008 21:17
    Used time: 16:39 min

    The scan has been done completely.

    14033 Scanning directories
    230238 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    230238 Files not concerned
    1804 Archives were scanned
    2 Warnings
    0 Notes

    9 June 2008 07:10:11

    Strange that it's so short :p

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.

    Help: How to use MBAM.
    10 June 2008 09:14:54

    Hi,
    I didn't have time to do it yesterday, so I'll post the result this evening.

    However, when I turned my PC on, the internet was working perfectly. Yet I didn't do anything more... I hope it stays that way, I'll keep you posted. But I don't much like this "it works, it doesn't work, it works again" business :??:
    10 June 2008 20:43:40

    Here it is:

    Malwarebytes' Anti-Malware 1.16
    Version de la base de données: 845

    20:42:49 10/06/2008
    mbam-log-6-10-2008 (20-42-49).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 143794
    Temps écoulé: 16 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Windows\System32\ucxsgsnl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\ugehnnuc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\vtUnlLBR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    10 June 2008 20:53:02

    Re,

    Post a new HijackThis report.
    No more malfunctions?
    10 June 2008 21:29:02

    No, it seems to be working correctly. And the report looks clean.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:10, on 10/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Alliance MCA\SafeFax\faxtray.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\WerCon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Global Startup: Lancement Application Fax.lnk = C:\Program Files\Alliance MCA\SafeFax\faxtray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 5401 bytes
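The helper's verdict on the log above ("looks clean") comes from reading each R/O entry by hand. As an added example that is not part of this thread, of HijackThis or of any tool used here, the Python script below parses a HijackThis v2 log, counts entries per section and flags three things a reviewer checks first: O23 services with no vendor string, O2 BHOs with no display name, and files under system32 whose names are eight random lowercase letters, the shape of the DLLs ComboFix removed earlier in the thread. The first sample is six lines copied from the log above; the second sample is constructed by me to show what a missed leftover would look like (its CLSID is a placeholder). The heuristics are my own and only point at entries to verify, they do not prove an infection.

```python
"""Triage helper for a HijackThis v2 log (added example; my own code, not
HijackThis or the thread's tools). It counts entries per section and flags
three things a reviewer checks by hand: services with no vendor string, BHOs
with no display name, and files in system32 whose names are eight random
lowercase letters, the pattern of the DLLs ComboFix removed earlier."""
import re
from collections import Counter

# Six lines copied from the HijackThis log posted above.
PAGE_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# CONSTRUCTED lines (not from the thread): what leftovers of the removed
# system32 DLLs would look like if ComboFix had missed them. Placeholder CLSID.
CONSTRUCTED_LINES = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Windows\system32\qwxzkvbp.dll
O4 - HKLM\..\Run: [zrtpqmwv] rundll32.exe C:\Windows\system32\zrtpqmwv.dll,b
"""

# "O4 - <rest of line>" ; HijackThis sections are R0..R3 and O1..O24.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A drive-letter path ending in .dll or .exe (spaces allowed, stops at quote/comma).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)\b', re.IGNORECASE)
# Eight lowercase letters: the shape of abefksgx.dll, bssuvnwp.dll, ... above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")


def parse_hjt(text):
    """Return [(section, body)] for every R/O entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def section_counts(entries):
    """How many entries each section (R0, O2, O4, O23, ...) contributes."""
    return Counter(sec for sec, _ in entries)


def triage(entries):
    """Return [(section, reason, body)] for entries a reviewer should verify."""
    findings = []
    for sec, body in entries:
        if sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service with no vendor string; check the binary's publisher", body))
        if sec == "O2" and "(no name)" in body:
            findings.append((sec, "BHO without a display name", body))
        for path in PATH_RE.findall(body):
            folder, _, name = path.rpartition("\\")
            if "\\system32" in folder.lower() and RANDOM_NAME_RE.match(name):
                findings.append((sec, f"random-looking file name in system32: {name}", body))
    return findings


def review(text):
    """Convenience wrapper: (per-section counts, findings) for one log."""
    entries = parse_hjt(text)
    return section_counts(entries), triage(entries)


if __name__ == "__main__":
    for label, text in (("page excerpt", PAGE_EXCERPT), ("constructed", CONSTRUCTED_LINES)):
        counts, findings = review(text)
        print(f"{label}: {dict(counts)}")
        for sec, reason, body in findings:
            print(f"  [{sec}] {reason}\n      {body}")
```

On the excerpt from the thread the only hit is the GEST service reported with "Unknown owner", which is exactly the kind of entry one confirms manually (here it is a GIGABYTE utility) rather than deletes; the Java "(no name)" O9 button is deliberately not flagged because HijackThis shows it that way for a legitimate component. The constructed lines produce three findings, two of them on the eight-letter system32 names.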
    11 June 2008 15:25:56

    Re,

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to remove the tools we used.
  • Click Quitter (Quit).
  • Post this report ~>C:\TCleaner.txt<~

  • Keep CCleaner, AVG (or MBAM) and AntiVir if we installed them.
  • Disable, then re-enable, System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Vundo.
  • If you can't find it in the list, post under "Other infections".

  • Bring your computer fully up to date >here<
  • If it isn't already done, make sure Windows Automatic Updates are turned on!

    Then have a look at these articles:

    - Security/Prevention
    - Consequences of running several protections at once
    - Toolbars: useless and a source of slowdowns

    Have a good day/evening :)
    12 June 2008 00:19:32

    Well, thank you for everything!

    Have a good evening.