Services.exe is using too much CPU!

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
17 February 2008 03:27:30

Hello everyone,

I noticed the problem with services.exe when my processor fan suddenly started spinning at full speed continuously, for no reason. I saw that whenever I'm connected to the internet, services.exe goes haywire and eats my CPU. I tried everything, running several routine scans with AVG Anti-Spyware, Avira AntiVir, Combofix, Vundofix and a few others, but without making the problem go away entirely.

So here is my HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:51, on 2008-02-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Genie-Soft\GBMPro7\GBM7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre-Luc Grenier\Bureau\Hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.65.159.182:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5748461D-C86C-4202-B7A7-FFE9A083823A} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GBMPro7Agent] D:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O20 - Winlogon Notify: fjplbqrx - fjplbqrx.dll (file missing)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\UnivLaval\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 9231 bytes
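An added example, not part of this thread and not HijackThis's own code: the Python script below applies, to a few lines copied from the report above, the checks a helper makes by eye when reading such a log (a load point whose target file is missing, a proxy set to a public address, a Winlogon Notify DLL registered by bare file name, a service that borrows the Microsoft name with no known publisher). The heuristics and the wording of the findings are this example's own choices; the sample lines are the thread's.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis and not the helper's
own method. The sample lines are copied from the HijackThis log posted above; the
heuristics, thresholds and reason strings are this example's own choices.
"""
import ipaddress
import re

# Constructed sample: a subset of the R0/R1/O2/O4/O20/O23 lines from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.65.159.182:3128
O2 - BHO: (no name) - {5748461D-C86C-4202-B7A7-FFE9A083823A} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: fjplbqrx - fjplbqrx.dll (file missing)
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer = ([^:\s]+)(?::(\d+))?")


def parse(log_text):
    """Yield (section, body) for every 'Xn - ...' line; other lines are ignored."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def proxy_is_external(body):
    """True when an R1 ProxyServer line points at a publicly routable IP address.

    A hostname (e.g. a corporate proxy) returns False here: it needs a DNS or
    ownership check rather than an address-range check.
    """
    m = PROXY_RE.search(body)
    if not m:
        return False
    try:
        return ipaddress.ip_address(m.group(1)).is_global
    except ValueError:
        return False


def triage(log_text):
    """Return a list of findings, each {'section', 'reason', 'entry'}."""
    findings = []

    def flag(sec, reason, body):
        findings.append({"section": sec, "reason": reason, "entry": body})

    for sec, body in parse(log_text):
        # Any load point whose target is gone: leftover of a removed component
        # or of a partially cleaned infection; either way it should not stay.
        if body.endswith("(file missing)"):
            flag(sec, "entry points at a file that no longer exists", body)

        # A system-wide proxy on a public IP the user did not configure means
        # all browser traffic can be read or altered by whoever runs that host.
        if sec == "R1" and proxy_is_external(body):
            flag(sec, "proxy server set to an external IP address", body)

        # Winlogon Notify DLLs load into winlogon.exe at every logon; a bare
        # file name instead of a full path is unusual for legitimate packages.
        if sec == "O20":
            target = body.split(" - ")[-1].replace(" (file missing)", "")
            if "\\" not in target:
                flag(sec, "Winlogon Notify DLL registered without a full path", body)

        # Services whose display name borrows the Microsoft brand but whose
        # binary has no recognised publisher deserve a second look.
        if sec == "O23" and "Unknown owner" in body:
            name = body.split(" - ")[0]
            if "microsoft" in name.lower():
                flag(sec, "service name suggests Microsoft but publisher is unknown", body)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['reason']}\n      {f['entry']}")
```

Running it prints six findings for the sample. The proxy check deliberately returns False for a hostname, since a named corporate proxy calls for a lookup rather than an address-range test; a public IP with no matching corporate setup is the case worth escalating.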


17 February 2008 13:40:28

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) onto your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
17 February 2008 20:02:31

Thanks for the quick reply!!

Here is my Combofix report:

    ComboFix 08-02-17.2 - Pierre-Luc Grenier 2008-02-17 13:45:32.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.505 [GMT -5:00]
    Endroit: C:\Documents and Settings\Pierre-Luc Grenier\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-16 20:48 . 2008-02-16 20:48 <REP> d-------- C:\Rustbfix
    2008-02-16 17:51 . 2008-02-16 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-02-16 17:43 . 2008-02-16 17:43 <REP> d-------- C:\Program Files\Avira
    2008-02-16 17:43 . 2008-02-16 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-16 17:31 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-02-16 14:54 . 2004-08-19 18:09 160,768 --a------ C:\WINDOWS\msconfig.exe
    2008-02-14 14:12 . 2008-02-14 14:12 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-02-14 14:08 . 2008-02-14 14:08 0 --a------ C:\WINDOWS\nsreg.dat
    2008-02-13 23:37 . 2008-02-13 23:37 <REP> d-------- C:\Program Files\MDC
    2008-02-13 23:37 . 2008-02-13 23:37 45,056 --a------ C:\WINDOWS\system32\bindctl.dll
    2008-02-13 23:37 . 2008-02-13 23:37 19,915 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-02-12 15:49 . 2008-02-12 15:49 14 --a------ C:\WINDOWS\system32\tmpPrst.tgz
    2008-02-10 10:38 . 2008-02-10 01:00 1,593,889 --a------ C:\ComboFix.exe
    2008-02-10 01:43 . 2008-02-10 01:43 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Grisoft
    2008-02-10 01:42 . 2008-02-10 01:42 149 --a------ C:\WINDOWS\wininit.ini
    2008-02-10 01:26 . 2008-02-10 01:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-10 01:26 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-10 01:25 . 2008-02-10 01:24 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-10 01:25 . 2008-02-10 01:25 3,462 --a------ C:\WINDOWS\unins000.dat
    2008-02-10 00:32 . 2008-02-10 00:34 <REP> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-02-10 00:04 . 2008-02-10 00:04 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-09 23:35 . 2008-02-16 18:22 <REP> d-------- C:\VundoFix Backups
    2008-02-09 22:04 . 2008-02-09 22:04 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
    2008-02-09 22:04 . 2008-02-09 22:04 2 --a------ C:\1275973434
    2008-02-09 21:59 . 2008-02-09 21:59 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-02-09 21:59 . 2008-02-10 01:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2008-02-09 21:44 . 2008-02-09 21:58 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Download Manager
    2008-02-09 20:59 . 2008-02-09 21:02 318 --ahs---- C:\WINDOWS\system32\bcbeg.ini
    2008-02-09 20:58 . 2008-02-15 23:28 <REP> d-------- C:\Program Files\Drmupgds
    2008-02-09 20:54 . 2008-02-10 02:08 <REP> d-------- C:\WINDOWS\system32\ver2
    2008-02-09 20:54 . 2008-02-09 20:54 <REP> d-------- C:\WINDOWS\system32\jap8
    2008-02-09 20:54 . 2008-02-16 18:02 <REP> d-------- C:\WINDOWS\system32\hlp6
    2008-02-09 20:54 . 2008-02-10 14:04 <REP> d--hs---- C:\WINDOWS\R3Jlbmllcg
    2008-02-09 20:54 . 2008-02-16 11:15 <REP> d-------- C:\Temp
    2008-02-09 20:54 . 2008-02-09 20:57 <REP> d-------- C:\Program Files\RABCO
    2008-02-09 16:39 . 2008-02-09 16:39 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Nitro PDF
    2008-01-28 20:26 . 2008-01-28 20:27 <REP> d-------- C:\Program Files\SML
    2008-01-17 15:52 . 2008-01-17 15:52 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-13 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-10 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-10 05:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-10 05:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-06 01:01 --------- d-----w C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Azureus
    2008-02-02 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-14 21:31 --------- d-----w C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Elluminate
    2008-01-08 09:48 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-24 03:49 --------- d-----w C:\Documents and Settings\Pierre-Luc Grenier\Application Data\CyberLink
    2007-12-24 03:48 --------- d-----w C:\Program Files\Cyberlink
    2007-12-24 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-12-24 03:17 --------- d-----w C:\Program Files\Zoom Player
    2005-09-09 23:55 35 ----a-w C:\Program Files\SCSSDist.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5748461D-C86C-4202-B7A7-FFE9A083823A}]
    C:\WINDOWS\system32\sstqq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
    @={30351346-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
    @={30351347-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
    @={30351348-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
    @={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
    @={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
    @={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
    @={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Le Petit Robert Hyperappel"="D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 11:11 22560]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "GBMPro7Agent"="D:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe" [2007-02-27 08:09 204800]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-02-16 17:49 149024]
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-16 17:57 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fjplbqrx]
    fjplbqrx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc]
    notification.dll 2005-05-16 14:51 294912 C:\WINDOWS\system32\notification.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^C2CMonitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\C2CMonitor.lnk
    backup=C:\WINDOWS\pss\C2CMonitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Client Push.LNK]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Client Push.LNK
    backup=C:\WINDOWS\pss\Client Push.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Universite Laval Client VPN ULaval.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Universite Laval Client VPN ULaval.lnk
    backup=C:\WINDOWS\pss\Universite Laval Client VPN ULaval.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pierre-Luc Grenier^Menu Démarrer^Programmes^Démarrage^Anapod Manager.lnk]
    path=C:\Documents and Settings\Pierre-Luc Grenier\Menu Démarrer\Programmes\Démarrage\Anapod Manager.lnk
    backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pierre-Luc Grenier^Menu Démarrer^Programmes^Démarrage^RABCO - Auto Update.lnk]
    path=C:\Documents and Settings\Pierre-Luc Grenier\Menu Démarrer\Programmes\Démarrage\RABCO - Auto Update.lnk
    backup=C:\WINDOWS\pss\RABCO - Auto Update.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 04:25 6731312 D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4c0dcf95]
    C:\WINDOWS\system32\hqyeyaaj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2007-02-16 17:57 1945960 D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CalendaMail]
    --a------ 2006-02-13 15:38 685186 D:\Program Files\Emula Soft\CalendaMail\CalendaMail.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2005-05-19 08:47 57344 D:\Program Files\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-19 18:09 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2005-12-10 09:57 133016 D:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drmupgds]
    C:\Program Files\Drmupgds\Drmupgds.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2005-06-10 04:21 217088 C:\Program Files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-10-30 09:36 256576 D:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    --------- 2007-01-08 22:17 52256 D:\Program Files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 D:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    C:\WINDOWS\system32\regscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2007-03-14 21:01 71216 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    --a------ 2007-02-16 17:45 1169776 D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    --a------ 2005-06-10 04:24 196608 C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC6Player]
    C:\Program Files\HHVcdV6Sys\VC6Play.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
    c:\exujd.exe

    R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 14:18]
    S2 Apache2.2;Apache2.2;"D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" []
    S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 20:23]
    S3 msftesql$GRENIER;SQL Server FullText Search (GRENIER);"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 []
    S3 MSSQL$GRENIER;SQL Server (GRENIER);"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" [2005-10-14 03:51]
    S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
    S3 SQLAgent$GRENIER;SQL Server Agent (GRENIER);"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" [2005-10-14 03:51]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
    S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;D:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR []
    S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 18:09]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-17 18:25:08 C:\WINDOWS\Tasks\GBMPro7 Task - Data.job"
    - D:\Program Files\Genie-Soft\GBMPro7\GBM7.exe
    "2008-02-17 18:52:11 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - D:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-26 08:56:52 C:\WINDOWS\Tasks\XoftSpySE.job"
    - D:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 13:53:11
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Le Petit Robert Hyperappel = D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????\??? /??\??????????????????????|? ??\???Q??|x???m??|????????\??????|Z????????????,K????????????

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$GRENIER]
    "ImagePath"="\"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:GRENIER"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-17 13:57:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-17 18:56:59
    ComboFix2.txt 2008-02-16 17:48:41
    ComboFix3.txt 2008-02-16 16:40:12
    ComboFix4.txt 2008-02-10 15:56:02
    ComboFix5.txt 2008-02-10 06:16:57
17 February 2008 20:13:04

Re,

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the rootkit tab.
On the right, tick Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
17 February 2008 20:33:21

Re,

Here is the Gmer report:

    GMER 1.0.14.14116 - http://www.gmer.net
    Rootkit scan 2008-02-17 14:30:14
    Windows 5.1.2600 Service Pack 2


    ---- Services - GMER 1.0.14 ----

    Service C:\WINDOWS\system32\4fdw.dll (*** hidden *** ) [SYSTEM] 4fdw <-- ROOTKIT !!!
    Service system32\DRIVERS\obvious.sys (*** hidden *** ) [SYSTEM] obvious <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.14 ----
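An added example, not part of this thread nor of GMER or ComboFix: once GMER names a hidden service, the creation times in ComboFix's "Fichiers créés" section give a timeline to pivot on. The script below pulls the hidden-service paths out of the GMER report, then lists every ComboFix entry created within a window around that seed file. The GMER lines and the ComboFix entries are copied from the reports posted above; the 90-minute window is this example's assumption. It also covers the case where GMER prints a path relative to the Windows directory (obvious.sys) and the seed is absent from the listing.

```python
"""Pivot from GMER's hidden-service findings into ComboFix's created-files listing.

Added example for this thread; it is not part of GMER, ComboFix or the helper's
procedure. The GMER lines and the ComboFix entries below are copied from the
reports posted in this thread; the time window is this example's assumption.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: the two hidden-service lines from the GMER report above.
GMER_REPORT = r"""
---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\4fdw.dll (*** hidden *** ) [SYSTEM] 4fdw <-- ROOTKIT !!!
Service system32\DRIVERS\obvious.sys (*** hidden *** ) [SYSTEM] obvious <-- ROOTKIT !!!
"""

# Constructed sample: a subset of the "Fichiers créés" section of the first
# ComboFix report above (created . modified size attributes path).
COMBOFIX_CREATED = r"""
2008-02-16 17:43 . 2008-02-16 17:43 <REP> d-------- C:\Program Files\Avira
2008-02-10 00:04 . 2008-02-10 00:04 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-09 22:04 . 2008-02-09 22:04 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-09 22:04 . 2008-02-09 22:04 2 --a------ C:\1275973434
2008-02-09 21:59 . 2008-02-10 01:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-09 21:44 . 2008-02-09 21:58 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Download Manager
2008-02-09 20:59 . 2008-02-09 21:02 318 --ahs---- C:\WINDOWS\system32\bcbeg.ini
2008-02-09 20:58 . 2008-02-15 23:28 <REP> d-------- C:\Program Files\Drmupgds
2008-02-09 20:54 . 2008-02-10 14:04 <REP> d--hs---- C:\WINDOWS\R3Jlbmllcg
2008-02-09 20:54 . 2008-02-09 20:57 <REP> d-------- C:\Program Files\RABCO
2008-02-09 16:39 . 2008-02-09 16:39 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Nitro PDF
2008-01-17 15:52 . 2008-01-17 15:52 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\vlc
"""

GMER_HIDDEN_RE = re.compile(r"^Service (?P<path>\S+) \(\*\*\* hidden \*\*\* \)")
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)
STAMP = "%Y-%m-%d %H:%M"


def gmer_hidden_services(text):
    """Paths of services GMER marked as hidden: the seeds for the pivot."""
    seeds = []
    for line in text.splitlines():
        m = GMER_HIDDEN_RE.match(line.strip())
        if m:
            seeds.append(m.group("path"))
    return seeds


def parse_created(text):
    """Parse ComboFix created-file lines into dicts; skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m.group("created"), STAMP),
            "modified": datetime.strptime(m.group("modified"), STAMP),
            "is_dir": m.group("size") == "<REP>",
            "hidden": "h" in m.group("attrs"),  # the 'h' attribute flag
            "path": m.group("path"),
        })
    return entries


def pivot(entries, seed_path, window_minutes=90):
    """Entries created within +/- window_minutes of the seed, oldest first.

    The seed is matched on file name only, because GMER may print a path
    relative to the Windows directory (as it does for obvious.sys above).
    """
    seed_name = seed_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    seeds = [e for e in entries if e["path"].rsplit("\\", 1)[-1].lower() == seed_name]
    if not seeds:
        return []  # seed not in the listing: older than its window, or not seen by ComboFix
    seed = seeds[0]
    delta = timedelta(minutes=window_minutes)
    hits = [e for e in entries
            if e is not seed and abs(e["created"] - seed["created"]) <= delta]
    return sorted(hits, key=lambda e: e["created"])


if __name__ == "__main__":
    entries = parse_created(COMBOFIX_CREATED)
    for seed in gmer_hidden_services(GMER_REPORT):
        hits = pivot(entries, seed)
        print(f"{seed}: {len(hits)} entries created within 90 min")
        for e in hits:
            print(f"  {e['created']:%Y-%m-%d %H:%M} {'H' if e['hidden'] else '-'} {e['path']}")
```

For 4fdw.dll the pivot returns the seven entries created between 20:54 and 22:04 on 2008-02-09, two of them with the hidden attribute; obvious.sys yields nothing because it never appears in the ComboFix listing, which is itself worth noting when a rootkit driver is involved.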
17 February 2008 21:24:25

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\hqyeyaaj.dll

    Rootkit::
    C:\WINDOWS\system32\4fdw.dll
    C:\WINDOWS\system32\DRIVERS\obvious.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5748461D-C86C-4202-B7A7-FFE9A083823A}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4c0dcf95]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


That will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If it does not reboot, post the requested reports anyway.
17 February 2008 22:02:23

Re,

Here is the Combofix report:

    ComboFix 08-02-17.2 - Pierre-Luc Grenier 2008-02-17 15:37:16.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.496 [GMT -5:00]
    Endroit: C:\Documents and Settings\Pierre-Luc Grenier\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pierre-Luc Grenier\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\hqyeyaaj.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\4fdw.dll
    C:\WINDOWS\system32\DRIVERS\obvious.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-17 15:42 . 2008-02-17 15:42 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2008-02-17 15:42 . 2008-02-17 15:42 0 --a------ C:\WINDOWS\system32\tmpPrst.dll
    2008-02-17 15:42 . 2008-02-17 15:42 0 --a------ C:\WINDOWS\system32\lsprst7.dll
    2008-02-17 14:23 . 2008-02-17 14:24 250 --a------ C:\WINDOWS\gmer.ini
    2008-02-16 20:48 . 2008-02-16 20:48 <REP> d-------- C:\Rustbfix
    2008-02-16 17:51 . 2008-02-16 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-02-16 17:43 . 2008-02-16 17:43 <REP> d-------- C:\Program Files\Avira
    2008-02-16 17:43 . 2008-02-16 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-16 17:31 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-02-16 14:54 . 2004-08-19 18:09 160,768 --a------ C:\WINDOWS\msconfig.exe
    2008-02-14 14:12 . 2008-02-14 14:12 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-02-14 14:08 . 2008-02-14 14:08 0 --a------ C:\WINDOWS\nsreg.dat
    2008-02-13 23:37 . 2008-02-13 23:37 <REP> d-------- C:\Program Files\MDC
    2008-02-13 23:37 . 2008-02-13 23:37 45,056 --a------ C:\WINDOWS\system32\bindctl.dll
    2008-02-13 23:37 . 2008-02-13 23:37 19,915 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-02-12 15:49 . 2008-02-12 15:49 14 --a------ C:\WINDOWS\system32\tmpPrst.tgz
    2008-02-10 10:38 . 2008-02-10 01:00 1,593,889 --a------ C:\ComboFix.exe
    2008-02-10 01:43 . 2008-02-10 01:43 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Grisoft
    2008-02-10 01:42 . 2008-02-10 01:42 149 --a------ C:\WINDOWS\wininit.ini
    2008-02-10 01:26 . 2008-02-10 01:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-10 01:26 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-10 01:25 . 2008-02-10 01:24 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-10 01:25 . 2008-02-10 01:25 3,462 --a------ C:\WINDOWS\unins000.dat
    2008-02-10 00:32 . 2008-02-10 00:34 <REP> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-02-10 00:04 . 2008-02-10 00:04 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-09 23:35 . 2008-02-16 18:22 <REP> d-------- C:\VundoFix Backups
    2008-02-09 22:04 . 2008-02-09 22:04 2 --a------ C:\1275973434
    2008-02-09 21:59 . 2008-02-09 21:59 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-02-09 21:59 . 2008-02-10 01:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2008-02-09 21:44 . 2008-02-09 21:58 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Download Manager
    2008-02-09 20:59 . 2008-02-09 21:02 318 --ahs---- C:\WINDOWS\system32\bcbeg.ini
    2008-02-09 20:58 . 2008-02-15 23:28 <REP> d-------- C:\Program Files\Drmupgds
    2008-02-09 20:54 . 2008-02-10 02:08 <REP> d-------- C:\WINDOWS\system32\ver2
    2008-02-09 20:54 . 2008-02-09 20:54 <REP> d-------- C:\WINDOWS\system32\jap8
    2008-02-09 20:54 . 2008-02-16 18:02 <REP> d-------- C:\WINDOWS\system32\hlp6
    2008-02-09 20:54 . 2008-02-10 14:04 <REP> d--hs---- C:\WINDOWS\R3Jlbmllcg
    2008-02-09 20:54 . 2008-02-16 11:15 <REP> d-------- C:\Temp
    2008-02-09 20:54 . 2008-02-09 20:57 <REP> d-------- C:\Program Files\RABCO
    2008-02-09 16:39 . 2008-02-09 16:39 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Nitro PDF
    2008-01-28 20:26 . 2008-01-28 20:27 <REP> d-------- C:\Program Files\SML
    2008-01-17 15:52 . 2008-01-17 15:52 <REP> d-------- C:\Documents and Settings\Pierre-Luc Grenier\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-13 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-10 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-10 05:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-10 05:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-06 01:01 --------- d-----w C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Azureus
    2008-02-02 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-14 21:31 --------- d-----w C:\Documents and Settings\Pierre-Luc Grenier\Application Data\Elluminate
    2008-01-08 09:48 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-24 03:49 --------- d-----w C:\Documents and Settings\Pierre-Luc Grenier\Application Data\CyberLink
    2007-12-24 03:48 --------- d-----w C:\Program Files\Cyberlink
    2007-12-24 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-12-24 03:17 --------- d-----w C:\Program Files\Zoom Player
    2005-09-09 23:55 35 ----a-w C:\Program Files\SCSSDist.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
    @={30351346-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
    @={30351347-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
    @={30351348-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
    @={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
    @={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
    @={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
    @={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

    [HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-08-26 10:40 536576 --a------ D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Le Petit Robert Hyperappel"="D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 11:11 22560]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "GBMPro7Agent"="D:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe" [2007-02-27 08:09 204800]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-02-16 17:49 149024]
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-16 17:57 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fjplbqrx]
    fjplbqrx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc]
    notification.dll 2005-05-16 14:51 294912 C:\WINDOWS\system32\notification.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^C2CMonitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\C2CMonitor.lnk
    backup=C:\WINDOWS\pss\C2CMonitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Client Push.LNK]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Client Push.LNK
    backup=C:\WINDOWS\pss\Client Push.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Universite Laval Client VPN ULaval.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Universite Laval Client VPN ULaval.lnk
    backup=C:\WINDOWS\pss\Universite Laval Client VPN ULaval.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pierre-Luc Grenier^Menu Démarrer^Programmes^Démarrage^Anapod Manager.lnk]
    path=C:\Documents and Settings\Pierre-Luc Grenier\Menu Démarrer\Programmes\Démarrage\Anapod Manager.lnk
    backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pierre-Luc Grenier^Menu Démarrer^Programmes^Démarrage^RABCO - Auto Update.lnk]
    path=C:\Documents and Settings\Pierre-Luc Grenier\Menu Démarrer\Programmes\Démarrage\RABCO - Auto Update.lnk
    backup=C:\WINDOWS\pss\RABCO - Auto Update.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 04:25 6731312 D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2007-02-16 17:57 1945960 D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CalendaMail]
    --a------ 2006-02-13 15:38 685186 D:\Program Files\Emula Soft\CalendaMail\CalendaMail.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2005-05-19 08:47 57344 D:\Program Files\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-19 18:09 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2005-12-10 09:57 133016 D:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drmupgds]
    C:\Program Files\Drmupgds\Drmupgds.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2005-06-10 04:21 217088 C:\Program Files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-10-30 09:36 256576 D:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    --------- 2007-01-08 22:17 52256 D:\Program Files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 D:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    C:\WINDOWS\system32\regscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2007-03-14 21:01 71216 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    --a------ 2007-02-16 17:45 1169776 D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    --a------ 2005-06-10 04:24 196608 C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC6Player]
    C:\Program Files\HHVcdV6Sys\VC6Play.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
    c:\exujd.exe

    R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 14:18]
    S1 4fdw;4fdw;C:\WINDOWS\system32\4fdw.dll []
    S2 Apache2.2;Apache2.2;"D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" []
    S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 20:23]
    S3 msftesql$GRENIER;SQL Server FullText Search (GRENIER);"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 []
    S3 MSSQL$GRENIER;SQL Server (GRENIER);"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" [2005-10-14 03:51]
    S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
    S3 SQLAgent$GRENIER;SQL Server Agent (GRENIER);"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" [2005-10-14 03:51]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
    S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;D:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR []
    S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 18:09]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-17 18:25:08 C:\WINDOWS\Tasks\GBMPro7 Task - Data.job"
    - D:\Program Files\Genie-Soft\GBMPro7\GBM7.exe
    "2008-02-17 20:42:03 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - D:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-26 08:56:52 C:\WINDOWS\Tasks\XoftSpySE.job"
    - D:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 15:42:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage cachés autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Le Petit Robert Hyperappel = D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????\??? /??\??????????????????????|? ??\???Q??|x???m??|????????\??????|Z????????????,K????????????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$GRENIER]
    "ImagePath"="\"D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:GRENIER"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-17 15:46:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-17 20:46:55
    ComboFix2.txt 2008-02-17 18:57:03
    ComboFix3.txt 2008-02-16 17:48:41
    ComboFix4.txt 2008-02-16 16:40:12
    ComboFix5.txt 2008-02-10 15:56:02




    And the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58:24, on 2008-02-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    D:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Pierre-Luc Grenier\Bureau\Hjt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll
    O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [GBMPro7Agent] D:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] D:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll/gn_menu1.html
    O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1661562677.dll/gn_menu2.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
    O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
    O20 - Winlogon Notify: fjplbqrx - fjplbqrx.dll (file missing)
    O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\UnivLaval\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    --
    End of file - 8771 bytes


    17 February 2008 22:06:31

    Better?
    17 February 2008 22:26:01

    Yes, really: services.exe is using much less memory and its CPU is at 0!

    I'll keep watching to see whether I notice any other strange behaviour.

    Question: what kind of attack was it, exactly? Could I have had information or anything else stolen? From what I observed, it was as if data was being transferred over the internet via services.exe, since whenever it ran wild my down/up went up as well.

    In any case, thank you very much for your effective help!

    See you
    18 February 2008 12:24:10

    You were the victim of two rootkits. Keep me posted.
    18 February 2008 19:04:23

    Re,

    I ran another scan with GMER and one of the two rootkits still seems to be present:

    GMER 1.0.14.14116 - http://www.gmer.net
    Rootkit scan 2008-02-18 13:00:21
    Windows 5.1.2600 Service Pack 2


    ---- Services - GMER 1.0.14 ----

    Service system32\DRIVERS\obvious.sys (*** hidden *** ) [SYSTEM] obvious <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.14 ----
    18 February 2008 19:32:03

    Run another Combofix scan.