Barre d'outil Mirar - Sécurité, virus et assimilés::Spam

Passionné(e) d'internet, de logiciels, de forums ? 01net recrute...

Auteur

Message

Lostboy14

Posté le 26/01/2008 19:09:19

Bonsoir. Je n'arrive pas à enlever la barre d'outil Mirar alors que je n'ai rien fait pour l'avoir. Quelqu'un pourrait m'aider à m'en débarasser svp? Merki d'avance

Diablo_n_me

Posté le 26/01/2008 19:26:53

Bonjour

poste un rapport hijackthis

Aide toi ici :
http://www.sasi.ifrance.com/hijackthis_tutoriel.htm

Lostboy14

Posté le 26/01/2008 19:33:30

Logfile of HijackThis v1.99.1
Scan saved at 19:32:53, on 26/01/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\System32\service.exe
C:\Users\Jacques-Antoine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TFLVYDD\HijackThis[2].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MDNS] C:\Windows\system32\service.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Media Share Synch Service (IMSSync) - Intel® Corporation - C:\Program Files\Intel\Intel Media Share Software\IMSSync.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Diablo_n_me

Posté le 26/01/2008 19:35:54

En plus sur Vista

Suis ce tutorial et Génére un rapport avec la version 2 pas avec celle-ci
http://www.sasi.ifrance.com/hijackthis_tutoriel.htm

Lostboy14

Posté le 26/01/2008 19:44:33

La page ne veut pas s'ouvrir

Lostboy14

Posté le 26/01/2008 19:52:34

Si c'est bon ca a bugué quelques minutes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:28, on 26/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\service.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MDNS] C:\Windows\system32\service.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Media Share Synch Service (IMSSync) - Intel® Corporation - C:\Program Files\Intel\Intel Media Share Software\IMSSync.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 8143 bytes

bibou0007

team sécurité
:-)

Posté le 26/01/2008 20:57:16

en attendant le retour de Diablo_n_me

Télécharge BTFix de Bibi26.

Dézippe l'archive sur ton Bureau.

Ouvre le dossier BTFix.

Double clique sur BTFix.exe.

Clique sur Rechercher.

Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

---------------------------------------------

Ouvre BTFix.

Clique sur Nettoyer.

Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 21:52:20

BTFix 1.071 (par bibi26) - 26/01/2008 21:51:32 - Analyse
Lancé depuis C:\Users\Jacques-Antoine\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Windows\system32\service.exe
- C:\Windows\system32\WinNB58.dll

---> Analyse terminée

Lostboy14

Posté le 26/01/2008 21:54:03

Il ne se passe rien quand je mets nettoyer

bibou0007

team sécurité
:-)

Posté le 26/01/2008 21:57:09

desactive l uac peut etre !!

voir la

http://bibou0007.com/tutos-f45/tutorial-desactiver-l-uac-sur-vista-t132.htm

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 22:07:34

BTFix 1.071 (par bibi26) - 26/01/2008 22:04:23 - Nettoyage - Mode normal
Lancé depuis C:\Users\Jacques-Antoine\Desktop\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\Windows\system32\service.exe
- C:\Windows\system32\WinNB58.dll

---> Nettoyage terminé

bibou0007

team sécurité
:-)

Posté le 26/01/2008 22:17:22

tu me remettra un hijacthis!!stp

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 22:17:35

Je te remercie parce que visiblement la barre mirar a disparu et le programme mirar n'apparait plus dans ma liste de programme installés. Merci beaucoup. Bonne soirée

bibou0007

team sécurité
:-)

Posté le 26/01/2008 22:18:12

c est pas fini je t ai rep plus haut

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 22:18:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:28, on 26/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\service.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MDNS] C:\Windows\system32\service.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Media Share Synch Service (IMSSync) - Intel® Corporation - C:\Program Files\Intel\Intel Media Share Software\IMSSync.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 8143 bytes

bibou0007

team sécurité
:-)

Posté le 26/01/2008 22:23:53

c est une vrai plais ce truc meme si il n apparait plus il est encore la!!

Télécharge combofix de sUBs

lien et tuto ici
suis les indications et poste le rapport et un nouveau rapport hijackthis dans ton prochain message.

bibou0007

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 22:28:02

Il faut que je désactive mon anti virus?

bibou0007

team sécurité
:-)

Posté le 26/01/2008 22:29:35

oui c mieux!!
mais de toute facon avast ne vois rien lol
si tu voudras etre mieux proteger aprés ta desinfection dit le moi j ai bcp as te prosé et gratos aussi!!

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 22:35:06

ComboFix 08-01-23.1C - Jacques-Antoine 2008-01-26 22:29:29.1 - NTFSx86
Endroit: C:\Users\Jacques-Antoine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ5DPWQR\ComboFix[1].exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
.

2008-01-26 22:25 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-26 22:02 . 2008-01-26 22:02 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-26 22:02 . 2008-01-26 22:02 1,409 --a------ C:\Windows\QTFont.for
2008-01-26 19:51 . 2008-01-26 19:51 <REP> d-------- C:\Program Files\Trend Micro
2008-01-26 02:12 . 2008-01-26 02:12 <REP> d-------- C:\Program Files\PlayMP3z
2008-01-23 11:20 . 2008-01-23 11:20 <REP> d--hs---- C:\Windows\ftpcache
2008-01-19 18:01 . 2008-01-19 18:01 <REP> d-------- C:\Program Files\EA GAMES
2008-01-19 18:01 . 2005-02-26 06:34 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-01-12 17:14 . 2008-01-12 18:39 <REP> d-------- C:\Program Files\Incomplete
2008-01-12 15:34 . 2008-01-12 15:34 <REP> d-------- C:\Program Files\iTunes
2008-01-12 15:34 . 2008-01-12 15:34 <REP> d-------- C:\Program Files\iPod
2008-01-12 15:31 . 2008-01-12 15:32 <REP> d-------- C:\Program Files\QuickTime
2008-01-12 15:30 . 2008-01-12 15:30 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-12 15:28 . 2008-01-12 15:28 <REP> d-------- C:\Program Files\Common Files\Apple
2008-01-12 15:01 . 2008-01-12 15:01 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-12 15:01 . 2008-01-12 15:01 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-12 15:01 . 2008-01-12 15:01 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-12 15:01 . 2008-01-12 15:01 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-12 15:01 . 2008-01-12 15:01 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-12 15:00 . 2008-01-12 15:00 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-12 15:00 . 2008-01-12 15:00 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-12 14:59 . 2008-01-12 14:59 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-12 14:59 . 2008-01-12 14:59 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-12 14:59 . 2008-01-12 14:59 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-12 14:59 . 2008-01-12 14:59 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-12 14:59 . 2008-01-12 14:59 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-12 14:59 . 2008-01-12 14:59 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-12 14:59 . 2008-01-12 14:59 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-12 14:59 . 2008-01-12 14:59 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-02 17:45 . 2008-01-02 17:46 <REP> d-------- C:\Program Files\Picasa2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 20:58 --------- d-----w C:\Program Files\Samsung
2008-01-23 10:00 --------- d-----w C:\Program Files\LucasArts
2008-01-12 17:40 --------- d-----w C:\Program Files\LimeWire
2008-01-12 14:03 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 14:03 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 14:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-12 14:00 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-12 14:00 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-12 14:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-04 13:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-15 01:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-15 01:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-15 01:06 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-15 01:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-15 01:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-15 01:05 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-15 01:05 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-15 01:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-15 01:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-15 01:05 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-15 01:05 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-15 01:04 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-15 01:04 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-22 09:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-22 09:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-22 09:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-22 09:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-22 09:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-22 09:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-22 09:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-22 09:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-22 09:15 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-22 09:15 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-22 09:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-08-29 10:29 174 --sha-w C:\Program Files\desktop.ini
2007-03-21 00:32 3,062 ----a-w C:\Program Files\MSetup.xml
2007-02-12 03:12 2,010 ----a-w C:\Program Files\MSetup.ini
2007-01-09 00:43 528,040 ----a-w C:\Program Files\MSetup.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-21 17:27 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 14:59 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-10 14:34 185632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 13:35 125440 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaBarFileManager]
--a------ 2007-06-25 10:55 30024 C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-09 16:31 8429568 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-09 16:31 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-04-09 16:31 86016 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play AVStation TV Scheduler]
--a------ 2007-01-08 10:09 73728 C:\Program Files\Samsung\Play AVStation\TvScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-03-14 07:50 4399104 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
--a------ 2007-02-05 03:05 4354048 C:\Program Files\Shareaza\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-12 14:59 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-21 17:27 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-02-06 10:17 839680 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViivMonitor]
--a------ 2007-03-10 12:41 69632 C:\Program Files\Intel\Intel Media Share Software\ViivMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-20 10:25 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 13:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-26 20:46:26 C:\Windows\Tasks\User_Feed_Synchronization-{AC27B4C3-1931-4862-AA84-3E468DFCB8BC}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 22:31:52
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-26 22:33:29
.
2008-01-12 14:01:57 --- E O F ---

Lostboy14

Posté le 26/01/2008 22:36:46

bibou0007

team sécurité
:-)

Posté le 26/01/2008 22:44:48

oki
il fait de la resistence !!

on va l avoir

Note: Cette procédure a été créée spécifiquement pour cet utilisateur ! Si vous n'êtes pas cet utilisateur en question, ne suivez pas ces instructions au risque d'endommager votre PC !!!

tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
[list]

Lance HijackThis

Clic sur "Do a system scan only"

Tu coches les lignes suivantes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

[/list]
Fix checked

ensuite fait ca

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.

Double-clique sur OTMoveIt.exe pour le lancer.

Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée !!!

Copie le texte qui se trouve dans l'encadré ci-dessous, et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved.

C:\Windows\System32\service.exe
C:\Windows\system32\WinNB58.dll

Clique sur MoveIt! pour lancer la suppression.

Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.

Redémarre ton PC

Dans ta future réponse, envoie le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.

+ un hijackthis

A+ bibou0007

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 22:53:35

Le blem c'est que il n'y a pas possibilité de coché :

O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\Windows\system32\WinNB58.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

parce qu'il n'aparaisse pas dans la liste

bibou0007

team sécurité
:-)

Posté le 26/01/2008 23:10:00

remet un hijackthis

-------
http://bibou0007.com/
-------
Il est plus simple d'infecter votre pc que de le désinfecter,pensez y.Ne pas cliquer ici!

Lostboy14

Posté le 26/01/2008 23:14:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:43, on 26/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Pr