possible infection

Tags:
  • Security
Last reply: in Security and viruses
23 February 2008 02:09:58

Hello.
I wanted to run a HijackThis scan on my PC and I'd like to know whether I'm infected.
This part in particular worries me...:
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
I really wonder what that is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:12, on 23/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\alexis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\Windows\mpcodecplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoTrace Express\NTXcontext.htm
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NeoTrace Express\NTXtoolbar.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSN...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8051 bytes

Thanks to everyone who helps me.

23 February 2008 13:05:57

Hello,

Have you touched your Hosts file?
23 February 2008 13:19:31

No, not at all...
23 February 2008 13:21:04

Re,

Download R-Hosts.exe (by S!ri).
Run R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.
23 February 2008 13:25:08

I have Windows Vista and my system isn't among the supported systems.
23 February 2008 13:38:23

OK :)

Fix the lines in the box below with HijackThis: HELP WITH PICTURES

O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
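The hosts-file check this thread turns on, as an added example that is not part of the original post: a small Python script that parses HijackThis O1 lines (or a hosts file read from disk) and flags entries that redirect a hostname to a non-loopback address, or that pin an unexpected name to loopback. It assumes the standard hosts-file format `<address> <hostname> [aliases]`; the four entries quoted from the log above have the hostname before the address, so the parser accepts that order too and flags it as malformed. The sample lines are copied from the first log in this thread.

```python
import ipaddress
import re

# Constructed sample: the O1 lines from the first HijackThis log in this thread,
# including the normal loopback entry, exactly as HijackThis prints them.
SAMPLE_O1_LINES = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
"""

# Hostnames whose loopback mapping is expected in a stock hosts file.
EXPECTED_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

O1_RE = re.compile(r"^O1 - Hosts:\s*(.+)$")


def _to_ip(token):
    """Return an ip_address object for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_hosts_entry(text):
    """Parse one hosts-file entry ('<address> <hostname> [aliases]').

    Returns (address, [names], reversed_order) or None for blank/comment lines.
    Entries written as '<hostname> <address>' (the order seen in the log above)
    are not valid hosts syntax; they are accepted here and marked reversed_order.
    """
    body = text.split("#", 1)[0].strip()  # drop trailing comments
    if not body:
        return None
    tokens = body.split()
    if len(tokens) < 2:
        return None  # a lone token cannot be a mapping
    addr = _to_ip(tokens[0])
    if addr is not None:
        return addr, tokens[1:], False
    addr = _to_ip(tokens[1])
    if addr is not None:
        return addr, [tokens[0]] + tokens[2:], True
    return None


def classify_entry(entry):
    """Return the reasons an entry deserves attention (empty list = benign)."""
    addr, names, reversed_order = entry
    reasons = []
    if reversed_order:
        reasons.append("hostname before address (malformed entry)")
    if addr.is_loopback:
        # Mapping a name to loopback silently blocks that host (e.g. AV update servers).
        for name in names:
            if name.lower() not in EXPECTED_LOOPBACK_NAMES:
                reasons.append(f"{name} pinned to loopback (blocks that host)")
    else:
        # Any non-loopback mapping bypasses DNS and sends traffic where the file says.
        reasons.append(f"{', '.join(names)} redirected to {addr}")
    return reasons


def review_hijackthis_o1(log_text):
    """Scan HijackThis log text; return [(raw_entry, reasons)] for flagged O1 lines."""
    findings = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        entry = parse_hosts_entry(match.group(1))
        if entry is None:
            continue
        reasons = classify_entry(entry)
        if reasons:
            findings.append((match.group(1), reasons))
    return findings


def review_hosts_file(path):
    """Apply the same review directly to a hosts file on disk
    (on Windows: %SystemRoot%\\System32\\drivers\\etc\\hosts)."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            entry = parse_hosts_entry(raw)
            if entry is None:
                continue
            reasons = classify_entry(entry)
            if reasons:
                findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in review_hijackthis_o1(SAMPLE_O1_LINES):
        print(raw, "->", "; ".join(reasons))
```

Run against the sample, it reports the four luciolis2.servegame.com entries and stays silent on `::1 localhost`.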
23 February 2008 14:01:02

There, done :)

And here's a new HijackThis log.
Is there anything else suspicious?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:46, on 23/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\alexis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\Windows\mpcodecplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoTrace Express\NTXcontext.htm
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NeoTrace Express\NTXtoolbar.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSN...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7618 bytes

In any case, thanks for your help.
23 February 2008 14:10:57

I missed an infection.

Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
23 February 2008 18:06:16

Sorry I couldn't reply sooner, I was away this afternoon ;)
So here is the ComboFix report.

    ComboFix 08-02-23.2 - alexis 2008-02-23 18:01:36.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1168 [GMT 1:00]
    Endroit: C:\Users\alexis\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\alexis\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 15:32 --------- d-----w C:\Program Files\Zattoo
    2008-02-23 15:03 --------- d-----w C:\Program Files\dizzler
    2008-02-23 12:56 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-02-23 11:30 --------- d-----w C:\Program Files\UltraDefrag
    2008-02-23 11:29 --------- d-----w C:\Program Files\Dofus
    2008-02-23 00:10 --------- d-----w C:\Users\alexis\AppData\Roaming\GlarySoft
    2008-02-23 00:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-23 00:09 --------- d-----w C:\ProgramData\Media Center Programs
    2008-02-23 00:09 --------- d-----w C:\Program Files\Sierra Entertainment
    2008-02-23 00:04 --------- d-----w C:\Users\alexis\AppData\Roaming\uTorrent
    2008-02-23 00:04 --------- d-----w C:\Program Files\Nvu
    2008-02-22 23:59 --------- d-----w C:\Program Files\Glary Utilities
    2008-02-20 09:40 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-02-20 00:37 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-19 22:57 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-14 19:33 --------- d-----w C:\Users\alexis\AppData\Roaming\Xfire
    2008-02-13 12:46 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-13 12:46 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 12:40 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 12:40 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 12:40 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 12:40 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-13 12:40 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-13 12:40 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-13 12:40 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 12:40 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 12:40 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-13 12:40 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 12:40 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 12:40 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 12:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 12:39 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 12:39 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 12:39 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 12:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 12:39 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-13 12:37 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-13 12:37 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 12:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 12:37 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 12:36 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-02-12 22:05 --------- d-----w C:\Program Files\Yahoo!
    2008-02-12 19:03 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-12 19:03 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-09 10:39 --------- d-----w C:\Users\alexis\AppData\Roaming\PCF-VLC
    2008-02-09 10:34 --------- d-----w C:\Users\alexis\AppData\Roaming\Participatory Culture Foundation
    2008-02-09 10:06 --------- d-----w C:\ProgramData\avg7
    2008-02-09 10:02 --------- d-----w C:\Users\alexis\AppData\Roaming\AVG7
    2008-02-06 20:53 --------- d-----w C:\Users\alexis\AppData\Roaming\Vso
    2008-02-06 20:48 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
    2008-02-06 20:48 47,360 ----a-w C:\Users\alexis\AppData\Roaming\pcouffin.sys
    2008-02-06 20:48 --------- d-----w C:\Program Files\VSO
    2008-02-06 13:55 --------- d-----w C:\Program Files\Windows Live
    2008-02-06 13:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-06 13:44 --------- d-----w C:\ProgramData\WLInstaller
    2008-02-04 17:58 --------- d-----w C:\Program Files\FLV Player
    2008-01-25 17:25 --------- d-----w C:\Program Files\UltraVNC
    2008-01-25 17:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-01-25 17:18 --------- d-----w C:\Program Files\Sweet Home 3D
    2008-01-25 17:18 --------- d-----w C:\Program Files\CrossLoop
    2008-01-25 14:35 --------- d-----w C:\Program Files\ItsLabel
    2008-01-24 12:32 --------- d-----w C:\Users\alexis\AppData\Roaming\ItsLabel
    2008-01-23 14:22 --------- d-----w C:\Users\alexis\AppData\Roaming\gtk-2.0
    2008-01-23 12:39 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig(452).xml
    2008-01-17 18:23 --------- d-----w C:\ProgramData\Xfire
    2008-01-17 18:05 --------- d-----w C:\Program Files\Xfire
    2008-01-13 22:29 --------- d-----w C:\Program Files\MessengerDiscovery
    2008-01-13 20:15 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-13 16:31 --------- d-----w C:\Program Files\Activision
    2008-01-13 16:27 22,328 ----a-w C:\Users\alexis\AppData\Roaming\PnkBstrK.sys
    2008-01-12 15:44 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-01-11 00:30 54,608 ----a-w C:\Windows\System32\xfcodec.dll
    2008-01-09 17:05 18,207,736 ----a-w C:\Users\alexis\VeohSetup-3.8.0.1051.exe
    2008-01-09 16:21 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 16:20 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 13:39 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 13:39 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-09 13:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 02:32 276,368 ----a-w C:\Windows\system32\drivers\vsdatant.sys
    2008-01-09 02:31 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
    2008-01-04 22:25 159,916,982 ----a-w C:\Users\alexis\DofusInstaller_v1_21_0.exe
    2008-01-04 15:49 --------- d-----w C:\Users\moi\AppData\Roaming\DivX
    2008-01-04 15:48 --------- d-----w C:\Users\moi\AppData\Roaming\ATI
    2008-01-03 21:48 --------- d-----w C:\Program Files\Common Files\Steam
    2008-01-03 14:24 --------- d-----w C:\Users\alexis\AppData\Roaming\DivX
    2008-01-03 14:23 --------- d-----w C:\Program Files\DivX
    2008-01-03 14:18 17,322,400 ----a-w C:\Users\alexis\DivXInstaller.exe
    2008-01-03 12:34 --------- d-----w C:\Program Files\Veoh Networks
    2008-01-02 15:58 1,697,248 ----a-w C:\Users\alexis\DivXWebPlayerInstaller1.3Dinavix.exe
    2008-01-01 19:12 --------- d-----w C:\Program Files\RayV
    2008-01-01 14:44 --------- d-----w C:\Users\alexis\AppData\Roaming\MessengerGadget
    2008-01-01 14:29 187,340 ----a-w C:\Users\alexis\ultradefrag-1.2.3.bin.i386.exe
    2007-12-28 22:35 --------- d-----w C:\Program Files\NeoTrace Express
    2007-12-28 11:11 30,968,934 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2007_12_28_12_09_12_full.dmp.zip
    2007-12-28 11:08 --------- d-----w C:\Program Files\Common Files\Real
    2007-12-27 10:29 30,985,797 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2007_12_26_21_32_35_full.dmp.zip
    2007-12-26 20:32 65,024 ----a-w C:\Windows\IFinst26.exe
    2007-12-26 20:30 --------- d-----w C:\Program Files\Samsung
    2007-12-24 18:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-23 09:28 --------- d-----w C:\ProgramData\Kaspersky Lab
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
    2007-11-18 00:57 130048 --a------ C:\Windows\mpcodecplg.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 12:01 413696]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-30 15:00 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 10:14 4444160 C:\Windows\RtHDVCpl.exe]
    "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 09:39 411192]
    "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
    "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 14:57 509496]
    "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 15:32 538744]
    "HWSetup"="\HWSetup.exe" [ ]
    "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 19:42 438272]
    "NDSTray.exe"="NDSTray.exe" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 06:32 898344]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C5C2DDDE-206E-4310-B641-94DD2EA7C806}"= UDP:C:\Program Files\Sierra Entertainment\Démo World in Conflict\wic.exe:Démo World in Conflict
    "{26B03EDB-2B99-4DE5-8374-DEACA6A0C173}"= TCP:C:\Program Files\Sierra Entertainment\Démo World in Conflict\wic.exe:Démo World in Conflict
    "TCP Query User{D33D4649-8D0A-48FB-8B7B-385225EDC8D8}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{DC3F91A3-9054-4035-A7CF-64E1FAD94DB9}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{33F2634A-5921-4E16-A2CF-64B02B043772}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
    "UDP Query User{E8975846-6D3F-4942-AF9D-E869D2AFC15F}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
    "TCP Query User{E0AC8731-D945-4D6F-963B-8988B157C9E8}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "UDP Query User{2DB1159B-9340-4C6B-ADEB-FC011AEB560F}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "{34F3DD0F-1BDE-4039-B2EF-C3F06256C89B}"= UDP:C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe:LanTalk XP Messenger
    "{E9C59E1B-1203-48C8-BFCC-AD427522DC4F}"= TCP:C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe:LanTalk XP Messenger
    "TCP Query User{CB7B52CA-67C5-44C5-BFD2-65991FAF3C27}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{8CC26703-2B32-4836-B6B2-847454B98334}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{5904DADF-4C62-413E-B14D-0EAA60C8D125}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
    "UDP Query User{7DD00FEF-7429-41C5-A57C-FF56E4193573}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
    "TCP Query User{B379E3C2-2430-4BB9-9410-8E1D1BBFF166}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= UDP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "UDP Query User{8F220F3B-3BDF-4134-AA8C-DF89E3D4A719}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= TCP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "TCP Query User{EC1546C3-33BD-4689-96EC-7058637F4BF1}C:\windows\system32\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "UDP Query User{89747583-76E6-4DEA-A52F-ABA98A753C6C}C:\windows\system32\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "TCP Query User{DA7C8FE9-9591-4CCD-B05F-A8B6CFD2D2F4}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= UDP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "UDP Query User{1ABDFD43-CFB0-408C-A7D5-F4EA3392F100}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= TCP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "TCP Query User{5B7D6556-A37C-4FD3-B643-8614682F6437}C:\windows\system32\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "UDP Query User{18189D8A-3DA9-446A-8790-3DAA2676683D}C:\windows\system32\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "TCP Query User{79FD54D9-5052-4DE5-9086-F7BCB03F75E9}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
    "UDP Query User{EBC995C1-B607-4222-BCDB-E415EBD9B879}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
    "TCP Query User{8C38CD06-5AA6-4D48-944C-F5A098FA2626}C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe"= UDP:C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "UDP Query User{E6584009-FFEB-48B8-9406-6E702F193CAE}C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe"= TCP:C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "TCP Query User{3AB7EC81-FC7F-4037-86A2-03495C8B841A}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "UDP Query User{52BA3292-A890-4326-ACA7-A231D204297E}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "TCP Query User{EF4B6694-0200-4163-BC55-BF5CDBD000D4}C:\program files\codemasters\rf online;\rf.exe"= UDP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher|Desc=RFLauncher
    "UDP Query User{7BDD3A51-2AEA-47C2-9319-8BA04E64D23E}C:\program files\codemasters\rf online;\rf.exe"= TCP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher|Desc=RFLauncher
    "TCP Query User{3734A43D-7723-48FD-A56A-DCBC055DA40A}C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe"= UDP:C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "UDP Query User{D7E9B24F-CD70-4021-953C-BCB394AFDA17}C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe"= TCP:C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "{E8F63E2E-816C-4C9F-9A5D-25453E24871F}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
    "{A6C5E231-8B78-49CB-A1F2-2EF9781298DA}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
    "{027DAD55-B3FE-42CD-9E25-DC90828077A9}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - En ligne uniquement
    "{BA25E098-6300-4A6D-8D87-A8477BBA2E09}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - En ligne uniquement
    "{1D135037-9F70-4830-A8CD-04017F12896C}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Serveur dédié
    "{56C0BF04-4CF6-46BE-8D88-60874A2FF5B5}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Serveur dédié
    "{8346DF37-7014-4A1C-9994-43BC8FE9BA5E}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
    "{49AC85F4-FDB5-4C42-9949-70506749AD04}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
    "{C518158C-C635-4B35-94FE-976A7971F4B7}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
    "{1A9AFBB8-9F1F-4857-B924-6A47671B2B4E}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
    "{8F946687-9DA6-41CD-9AD1-7E40FB483536}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{BF485548-5BF5-46B0-954E-48DCD489660E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{D1406979-7B7C-460F-972E-09482959B1E7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{343C9735-2C6D-4549-9562-347ABA7FD1DA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{D938BA47-68B5-428F-8A25-8C0D9C3FE3E4}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{8ABC031B-16D4-424B-9100-D2CA4F1E071A}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{5833389A-1EEA-4F16-83BE-10BCA6736087}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{297CFAE5-7C0D-4DD5-85DE-6873107FCB15}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D47F4ED9-7664-4C0A-A41F-08DA0B38703E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
    R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-05-17 20:12]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 04:30]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 00:16]
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
    R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 21:47]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-11-25 19:06]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-03 17:16]
    S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
    S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-23 17:00:12 C:\Windows\Tasks\User_Feed_Synchronization-{F9534452-5B37-48EF-8292-1291B1B40978}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 18:03:01
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????-?!??8???`????????????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-23 18:03:43
    ComboFix-quarantined-files.txt 2008-02-23 17:03:41
    .
    2008-02-22 12:08:28 --- E O F ---
    23 February 2008 18:15:11

    Re,

    Disable your resident protections (antivirus, etc.)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\mpcodecplg.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
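Editor's added example, not code from ComboFix or from anyone in this thread: a Python dry-run reader for a CFScript of the kind posted above, so that what a `File::` entry and a `[-KEY]` line under `Registry::` would delete can be reviewed before the script is ever dropped onto ComboFix. It also parses the `firewallpolicy` section of the ComboFix log posted in the thread and lists which Windows Firewall profiles the log reports as disabled (here all three; that is the normal state when a third-party firewall such as the ZoneAlarm client seen in the process list has taken over). The CFScript and log excerpt are copied from the thread; the expansion of ComboFix's `~` abbreviation to the two full registry paths is the standard Windows location of those keys and is an assumption for any other use of `~`.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# CFScript text exactly as posted in the thread above.
CFSCRIPT = r"""File::
C:\Windows\mpcodecplg.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
"""

# Firewall-policy excerpt copied from the ComboFix log posted in the thread.
COMBOFIX_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix shortens long registry prefixes to "~". These are the standard
# Windows paths behind the two abbreviations that occur in the thread;
# any other "~" usage is left untouched (assumption).
_TILDE_EXPANSIONS = {
    r"\~\Browser Helper Objects":
        r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"\~\services\sharedaccess":
        r"\SYSTEM\CurrentControlSet\Services\SharedAccess",
}


def expand_combofix_key(key: str) -> str:
    """Replace a known ComboFix '~' abbreviation with the full registry path."""
    lowered = key.lower()
    for short, full in _TILDE_EXPANSIONS.items():
        idx = lowered.find(short.lower())
        if idx != -1:
            return key[:idx] + full + key[idx + len(short):]
    return key


@dataclass
class CfScriptPlan:
    files: List[str] = field(default_factory=list)        # File:: entries that would be deleted
    delete_keys: List[str] = field(default_factory=list)  # Registry:: "[-KEY]" lines (key removal)
    set_values: Dict[str, List[str]] = field(default_factory=dict)  # values listed under "[KEY]"
    unknown: List[str] = field(default_factory=list)      # lines outside a handled section


def parse_cfscript(text: str) -> CfScriptPlan:
    """Split a CFScript into the actions it asks ComboFix to perform."""
    plan = CfScriptPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # section header such as "File::" or "Registry::"
            section = line[:-2].lower()
            current_key = None
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "registry":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)
            if m and m.group(1) == "-":    # leading "-" means the whole key is removed
                plan.delete_keys.append(m.group(2))
                current_key = None
            elif m:                        # "[KEY]" opens a key whose values follow
                current_key = m.group(2)
                plan.set_values.setdefault(current_key, [])
            elif current_key is not None:
                plan.set_values[current_key].append(line)
            else:
                plan.unknown.append(line)
        else:
            plan.unknown.append(line)
    return plan


_PROFILE_RE = re.compile(r"firewallpolicy\\(\w+Profile)\]\s*$", re.IGNORECASE)
_ENABLE_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)', re.IGNORECASE)


def firewall_profile_state(log: str) -> Dict[str, bool]:
    """Map each firewall profile named in a ComboFix log to True (on) or False (off)."""
    state: Dict[str, bool] = {}
    profile = None
    for raw in log.splitlines():
        line = raw.strip()
        m = _PROFILE_RE.search(line)
        if m:
            profile = m.group(1)           # DomainProfile / PublicProfile / StandardProfile
            continue
        m = _ENABLE_RE.match(line)
        if m and profile is not None:
            state[profile] = m.group(1) != "0"
            profile = None
    return state


def disabled_profiles(log: str) -> List[str]:
    """Profiles the log reports with EnableFirewall = 0, sorted for stable output."""
    return sorted(p for p, on in firewall_profile_state(log).items() if not on)


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for f in plan.files:
        print("would delete file:", f)
    for k in plan.delete_keys:
        print("would delete key: ", expand_combofix_key(k))
    print("firewall profiles reported disabled:", disabled_profiles(COMBOFIX_LOG))
```

Run it before handing a CFScript to someone: the printed plan is what the script commits the machine to, and a `[-KEY]` line aimed anywhere other than a single BHO or Run entry deserves a second look.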
    23 February 2008 18:25:08

    So here is the combofix report.

    ComboFix 08-02-23.2 - alexis 2008-02-23 18:18:55.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1322 [GMT 1:00]
    Endroit: C:\Users\alexis\Desktop\ComboFix.exe

    Command switches used :: C:\Users\alexis\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\mpcodecplg.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\mpcodecplg.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 17:11 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-02-23 15:32 --------- d-----w C:\Program Files\Zattoo
    2008-02-23 15:03 --------- d-----w C:\Program Files\dizzler
    2008-02-23 11:30 --------- d-----w C:\Program Files\UltraDefrag
    2008-02-23 11:29 --------- d-----w C:\Program Files\Dofus
    2008-02-23 00:10 --------- d-----w C:\Users\alexis\AppData\Roaming\GlarySoft
    2008-02-23 00:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-23 00:09 --------- d-----w C:\ProgramData\Media Center Programs
    2008-02-23 00:09 --------- d-----w C:\Program Files\Sierra Entertainment
    2008-02-23 00:04 --------- d-----w C:\Users\alexis\AppData\Roaming\uTorrent
    2008-02-23 00:04 --------- d-----w C:\Program Files\Nvu
    2008-02-22 23:59 --------- d-----w C:\Program Files\Glary Utilities
    2008-02-20 09:40 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-02-20 00:37 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-19 22:57 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-14 19:33 --------- d-----w C:\Users\alexis\AppData\Roaming\Xfire
    2008-02-13 12:46 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-13 12:46 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 12:40 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 12:40 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 12:40 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 12:40 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-13 12:40 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-13 12:40 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-13 12:40 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 12:40 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 12:40 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-13 12:40 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 12:40 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 12:40 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 12:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 12:39 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 12:39 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 12:39 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 12:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 12:39 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-13 12:37 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-13 12:37 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 12:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 12:37 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 12:36 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-02-12 22:05 --------- d-----w C:\Program Files\Yahoo!
    2008-02-12 19:03 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-12 19:03 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-09 10:39 --------- d-----w C:\Users\alexis\AppData\Roaming\PCF-VLC
    2008-02-09 10:34 --------- d-----w C:\Users\alexis\AppData\Roaming\Participatory Culture Foundation
    2008-02-09 10:06 --------- d-----w C:\ProgramData\avg7
    2008-02-09 10:02 --------- d-----w C:\Users\alexis\AppData\Roaming\AVG7
    2008-02-06 20:53 --------- d-----w C:\Users\alexis\AppData\Roaming\Vso
    2008-02-06 20:48 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
    2008-02-06 20:48 47,360 ----a-w C:\Users\alexis\AppData\Roaming\pcouffin.sys
    2008-02-06 20:48 --------- d-----w C:\Program Files\VSO
    2008-02-06 13:55 --------- d-----w C:\Program Files\Windows Live
    2008-02-06 13:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-06 13:44 --------- d-----w C:\ProgramData\WLInstaller
    2008-02-04 17:58 --------- d-----w C:\Program Files\FLV Player
    2008-01-25 17:25 --------- d-----w C:\Program Files\UltraVNC
    2008-01-25 17:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-01-25 17:18 --------- d-----w C:\Program Files\Sweet Home 3D
    2008-01-25 17:18 --------- d-----w C:\Program Files\CrossLoop
    2008-01-25 14:35 --------- d-----w C:\Program Files\ItsLabel
    2008-01-24 12:32 --------- d-----w C:\Users\alexis\AppData\Roaming\ItsLabel
    2008-01-23 14:22 --------- d-----w C:\Users\alexis\AppData\Roaming\gtk-2.0
    2008-01-23 12:39 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig(452).xml
    2008-01-17 18:23 --------- d-----w C:\ProgramData\Xfire
    2008-01-17 18:05 --------- d-----w C:\Program Files\Xfire
    2008-01-13 22:29 --------- d-----w C:\Program Files\MessengerDiscovery
    2008-01-13 20:15 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-13 16:31 --------- d-----w C:\Program Files\Activision
    2008-01-13 16:27 22,328 ----a-w C:\Users\alexis\AppData\Roaming\PnkBstrK.sys
    2008-01-12 15:44 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-01-11 00:30 54,608 ----a-w C:\Windows\System32\xfcodec.dll
    2008-01-09 17:05 18,207,736 ----a-w C:\Users\alexis\VeohSetup-3.8.0.1051.exe
    2008-01-09 16:21 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 16:20 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 13:39 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 13:39 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-09 13:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 02:32 276,368 ----a-w C:\Windows\system32\drivers\vsdatant.sys
    2008-01-09 02:31 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
    2008-01-04 22:25 159,916,982 ----a-w C:\Users\alexis\DofusInstaller_v1_21_0.exe
    2008-01-04 15:49 --------- d-----w C:\Users\moi\AppData\Roaming\DivX
    2008-01-04 15:48 --------- d-----w C:\Users\moi\AppData\Roaming\ATI
    2008-01-03 21:48 --------- d-----w C:\Program Files\Common Files\Steam
    2008-01-03 14:24 --------- d-----w C:\Users\alexis\AppData\Roaming\DivX
    2008-01-03 14:23 --------- d-----w C:\Program Files\DivX
    2008-01-03 14:18 17,322,400 ----a-w C:\Users\alexis\DivXInstaller.exe
    2008-01-03 12:34 --------- d-----w C:\Program Files\Veoh Networks
    2008-01-02 15:58 1,697,248 ----a-w C:\Users\alexis\DivXWebPlayerInstaller1.3Dinavix.exe
    2008-01-01 19:12 --------- d-----w C:\Program Files\RayV
    2008-01-01 14:44 --------- d-----w C:\Users\alexis\AppData\Roaming\MessengerGadget
    2008-01-01 14:29 187,340 ----a-w C:\Users\alexis\ultradefrag-1.2.3.bin.i386.exe
    2007-12-28 22:35 --------- d-----w C:\Program Files\NeoTrace Express
    2007-12-28 11:11 30,968,934 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2007_12_28_12_09_12_full.dmp.zip
    2007-12-28 11:08 --------- d-----w C:\Program Files\Common Files\Real
    2007-12-27 10:29 30,985,797 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2007_12_26_21_32_35_full.dmp.zip
    2007-12-26 20:32 65,024 ----a-w C:\Windows\IFinst26.exe
    2007-12-26 20:30 --------- d-----w C:\Program Files\Samsung
    2007-12-24 18:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-23 09:28 --------- d-----w C:\ProgramData\Kaspersky Lab
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 12:01 413696]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-30 15:00 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 10:14 4444160 C:\Windows\RtHDVCpl.exe]
    "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 09:39 411192]
    "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
    "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 14:57 509496]
    "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 15:32 538744]
    "HWSetup"="\HWSetup.exe" [ ]
    "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 19:42 438272]
    "NDSTray.exe"="NDSTray.exe" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 06:32 898344]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C5C2DDDE-206E-4310-B641-94DD2EA7C806}"= UDP:C:\Program Files\Sierra Entertainment\Démo World in Conflict\wic.exe:Démo World in Conflict
    "{26B03EDB-2B99-4DE5-8374-DEACA6A0C173}"= TCP:C:\Program Files\Sierra Entertainment\Démo World in Conflict\wic.exe:Démo World in Conflict
    "TCP Query User{D33D4649-8D0A-48FB-8B7B-385225EDC8D8}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{DC3F91A3-9054-4035-A7CF-64E1FAD94DB9}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{33F2634A-5921-4E16-A2CF-64B02B043772}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
    "UDP Query User{E8975846-6D3F-4942-AF9D-E869D2AFC15F}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
    "TCP Query User{E0AC8731-D945-4D6F-963B-8988B157C9E8}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "UDP Query User{2DB1159B-9340-4C6B-ADEB-FC011AEB560F}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "{34F3DD0F-1BDE-4039-B2EF-C3F06256C89B}"= UDP:C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe:LanTalk XP Messenger
    "{E9C59E1B-1203-48C8-BFCC-AD427522DC4F}"= TCP:C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe:LanTalk XP Messenger
    "TCP Query User{CB7B52CA-67C5-44C5-BFD2-65991FAF3C27}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{8CC26703-2B32-4836-B6B2-847454B98334}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{5904DADF-4C62-413E-B14D-0EAA60C8D125}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
    "UDP Query User{7DD00FEF-7429-41C5-A57C-FF56E4193573}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
    "TCP Query User{B379E3C2-2430-4BB9-9410-8E1D1BBFF166}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= UDP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "UDP Query User{8F220F3B-3BDF-4134-AA8C-DF89E3D4A719}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= TCP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "TCP Query User{EC1546C3-33BD-4689-96EC-7058637F4BF1}C:\windows\system32\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "UDP Query User{89747583-76E6-4DEA-A52F-ABA98A753C6C}C:\windows\system32\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "TCP Query User{DA7C8FE9-9591-4CCD-B05F-A8B6CFD2D2F4}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= UDP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "UDP Query User{1ABDFD43-CFB0-408C-A7D5-F4EA3392F100}C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe"= TCP:C:\program files\ankama games\dofusbetahardcore\dofusbetahardcore.exe:Dofus Client|Desc=Dofus Client
    "TCP Query User{5B7D6556-A37C-4FD3-B643-8614682F6437}C:\windows\system32\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "UDP Query User{18189D8A-3DA9-446A-8790-3DAA2676683D}C:\windows\system32\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
    "TCP Query User{79FD54D9-5052-4DE5-9086-F7BCB03F75E9}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
    "UDP Query User{EBC995C1-B607-4222-BCDB-E415EBD9B879}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
    "TCP Query User{8C38CD06-5AA6-4D48-944C-F5A098FA2626}C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe"= UDP:C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "UDP Query User{E6584009-FFEB-48B8-9406-6E702F193CAE}C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe"= TCP:C:\program files\valve\steam\steamapps\xoniax\condition zero\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "TCP Query User{3AB7EC81-FC7F-4037-86A2-03495C8B841A}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "UDP Query User{52BA3292-A890-4326-ACA7-A231D204297E}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "TCP Query User{EF4B6694-0200-4163-BC55-BF5CDBD000D4}C:\program files\codemasters\rf online;\rf.exe"= UDP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher|Desc=RFLauncher
    "UDP Query User{7BDD3A51-2AEA-47C2-9319-8BA04E64D23E}C:\program files\codemasters\rf online;\rf.exe"= TCP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher|Desc=RFLauncher
    "TCP Query User{3734A43D-7723-48FD-A56A-DCBC055DA40A}C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe"= UDP:C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "UDP Query User{D7E9B24F-CD70-4021-953C-BCB394AFDA17}C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe"= TCP:C:\program files\valve\steam\steamapps\xoniax\counter-strike\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
    "{E8F63E2E-816C-4C9F-9A5D-25453E24871F}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
    "{A6C5E231-8B78-49CB-A1F2-2EF9781298DA}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
    "{027DAD55-B3FE-42CD-9E25-DC90828077A9}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - En ligne uniquement
    "{BA25E098-6300-4A6D-8D87-A8477BBA2E09}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - En ligne uniquement
    "{1D135037-9F70-4830-A8CD-04017F12896C}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Serveur dédié
    "{56C0BF04-4CF6-46BE-8D88-60874A2FF5B5}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Serveur dédié
    "{8346DF37-7014-4A1C-9994-43BC8FE9BA5E}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
    "{49AC85F4-FDB5-4C42-9949-70506749AD04}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
    "{C518158C-C635-4B35-94FE-976A7971F4B7}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
    "{1A9AFBB8-9F1F-4857-B924-6A47671B2B4E}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
    "{8F946687-9DA6-41CD-9AD1-7E40FB483536}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{BF485548-5BF5-46B0-954E-48DCD489660E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{D1406979-7B7C-460F-972E-09482959B1E7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{343C9735-2C6D-4549-9562-347ABA7FD1DA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{D938BA47-68B5-428F-8A25-8C0D9C3FE3E4}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{8ABC031B-16D4-424B-9100-D2CA4F1E071A}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{5833389A-1EEA-4F16-83BE-10BCA6736087}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{297CFAE5-7C0D-4DD5-85DE-6873107FCB15}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D47F4ED9-7664-4C0A-A41F-08DA0B38703E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
    R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-05-17 20:12]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 04:30]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 00:16]
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
    R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 21:47]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-11-25 19:06]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-03 17:16]
    S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
    S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-23 17:20:18 C:\Windows\Tasks\User_Feed_Synchronization-{F9534452-5B37-48EF-8292-1291B1B40978}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 18:19:55
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????-?!??8???`????????????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-23 18:20:32
    ComboFix-quarantined-files.txt 2008-02-23 17:20:30
    ComboFix2.txt 2008-02-23 17:03:44
    .
    2008-02-22 12:08:28 --- E O F ---

    And here is the hijackthis report; I should mention that there was no reboot at all, in case that matters.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:22:50, on 23/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Users\alexis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoTrace Express\NTXcontext.htm
    O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NeoTrace Express\NTXtoolbar.htm (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSN...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 7243 bytes

23 February 2008 22:32:52

Are there any viruses left?
For your information, I have decided to switch antivirus to Antivir after reading a fairly instructive article on malekal's site comparing the two antiviruses...

If the infection has indeed been removed, thank you for helping me, and I wish you a good evening.
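The question above is whether anything suspicious remains in this log. The script below is an added example for this thread, not part of HijackThis and not posted by anyone in it; it runs the three checks a helper would apply to such a log: O1 hosts entries that bind a name to anything other than a loopback address (the classic redirect trick, and the reason a clean log shows only `::1 localhost` / `127.0.0.1 localhost`), O23 services whose binary carries no vendor name (HijackThis prints "Unknown owner"), and registry entries pointing at files that no longer exist. The regexes assume the v2.0.x line shapes visible in the log above. The sample input mixes lines taken from that log with two constructed hosts overrides using RFC 5737 documentation addresses and `.invalid` names; they are not from the user's machine.

```python
"""Triage a HijackThis v2.0.x log for the entries that usually matter.

Added example for this thread; not HijackThis code and not from the original
posts. Line shapes assumed from the log as printed above; other lines are ignored.
"""
import ipaddress
import re

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
SERVICE_RE = re.compile(
    r"^O23 - Service:\s+(?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$"
)
# HijackThis marks registry entries whose target file is gone with these strings.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Names legitimately bound to a loopback address on a stock Windows box.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: real lines from the log above plus two made-up hosts
# overrides (192.0.2.x and .invalid are reserved for documentation).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.10 update.example.invalid
O1 - Hosts: login.example.invalid 192.0.2.11
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""


def parse_hosts_entry(first, second):
    """Return (hostname, ip_address) from the two tokens of an O1 line.

    A hosts file line is "<address> <name>", but a tampered file may carry the
    tokens reversed and HijackThis echoes the line verbatim, so accept whichever
    token parses as an address. Returns None if neither does.
    """
    tokens = (first, second)
    for i in (0, 1):
        try:
            ip = ipaddress.ip_address(tokens[i])
        except ValueError:
            continue
        return tokens[1 - i].lower(), ip
    return None


def triage(log_text):
    """Return a list of (severity, category, line) findings for a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = HOSTS_RE.match(line)
        if m:
            parsed = parse_hosts_entry(m.group(1), m.group(2))
            if parsed is None:
                # Neither token is an address: not something a user writes by hand.
                findings.append(("high", "hosts-malformed", line))
            else:
                name, ip = parsed
                if not (ip.is_loopback and name in LOOPBACK_NAMES):
                    # Any other mapping silently redirects that name for every
                    # program on the box, bypassing DNS.
                    findings.append(("high", "hosts-override", line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            if m.group("owner").lower() == "unknown owner":
                # No company name in the binary's version info. Worth a hash
                # lookup, not proof of malware (many game anti-cheat services look like this).
                findings.append(("medium", "service-no-vendor", line))
            continue

        if any(marker in line for marker in ORPHAN_MARKERS):
            # Registry still points at a file that is gone: leftover, not running code.
            findings.append(("low", "orphaned-entry", line))
    return findings


if __name__ == "__main__":
    for severity, category, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {category:18} {line}")
```

Run against the full log pasted above, the hosts check returns nothing (only `::1 localhost` is present), the PnkBstrA service is the only "Unknown owner" hit, and the `(no file)` / `(file missing)` entries are cleanup candidates rather than evidence of an active infection.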
1 March 2008 18:37:01

Sorry for my long delay. Are you still there?