[Résolu]probleme fenêtres pour anti-spyware (virtumonde ?)

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Bonjour,

Volia mon probleme : depuis quelque temps j'ai constaté l'apparition de fenêtre indésirées directement incrustées dans IE 7 me disant que j'ai un spyware et me conseillant de faire un scan en cliquant dessus (ce que je ne fait pas); Parfois un pop-up s'ouvre sur une page appellée protectionconnue.com qui veut absolument m'installer un anti-spyware même si je click sur annuler mais le telechargement est quand meme bloqué par mon PC.
Pour l'instant j'ai utilisé Avast, spybot S&D, ad-aware et AVG.
A chaque fois des choses ont été trouvé (sauf avast) et supprimées mais le problème persiste.
J'ai donc fait un scan Panda dont voici le résultat :

ANALYSIS: 2007-12-21 09:48:14
PROTECTIONS: 2
MALWARE: 12
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2006 2006 Yes Yes
avast! antivirus 4.7.1098 [VPS 071220-0] 4.7.1098 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@doubleclick[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fastclick[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@xiti[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adtech[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bluestreak[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@smartadserver[2].txt
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ytcashpb.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\xlcyaswy.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\qpupclhy.dll
02884436 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\UQKRNHBU.DLL
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UL3V3B34\ptch[1]
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\aeqlvebd.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\cxrapcfr.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ergikpcg.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hbilrkek.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\HXFQOKUX\hctp[1]
02884444 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\CFTRVVXU.DLL
02884444 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\ILSNHKXT.DLL
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OZLP6U20\gamadril20071203[1]
02885768 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\DDCYVTU.DLL
02886801 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\DDABC.DLL
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;=====================================

merci d'avance pour votre aide

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Voila également le résultat du scan hjackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:59, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [d8642aa3] rundll32.exe "C:\WINDOWS\system32\cftrvvxu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephrugby83.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://stephrugby83.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 11524 bytes

VertigO · Modérateur Inscrit le: 18 Sep 2007 Messages: 294

Salut,

(bizarre, j'avais pas encore vu ton sujet).

Télécharge Combofix sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.
_________________

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Salut VertigO et merci de ton aide
voici le rapport de combofix :

ComboFix 07-12-21.4 - HP_Administrateur 2007-12-22 7:53:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.524 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\X6P28CR3\iforex.com
C:\Documents and Settings\HP_Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\X6P28CR3\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\HP_Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\HP_Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aeqlvebd.dll
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cxrapcfr.dll
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddcyvtu.dll
C:\WINDOWS\system32\ergikpcg.dll
C:\WINDOWS\system32\hbilrkek.dll
C:\WINDOWS\system32\ilsnhkxt.dll
C:\WINDOWS\system32\qpupclhy.dll
C:\WINDOWS\system32\txkhnsli.ini
C:\WINDOWS\system32\uqkrnhbu.dll
C:\WINDOWS\system32\xlcyaswy.dll
C:\WINDOWS\system32\ytcashpb.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.

2007-12-21 09:52 . 2007-12-21 09:52 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 09:24 . 2007-12-21 09:39 <REP> d-------- C:\Program Files\Panda Security
2007-12-21 08:25 . 2007-12-21 08:28 <REP> d-------- C:\Program Files\SpywareBlaster
2007-12-21 08:25 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-21 07:29 . 2007-12-21 07:29 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft
2007-12-21 07:29 . 2007-12-21 07:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 07:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-21 06:54 . 2007-12-21 11:08 <REP> d-------- C:\Chasse spy
2007-12-20 14:18 . 2007-12-20 14:18 <REP> d-------- C:\Program Files\Lavasoft
2007-12-20 13:35 . 2007-12-20 13:37 5,706 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-20 09:04 . 2007-12-21 06:47 2,482,671 ---hs---- C:\WINDOWS\system32\uxvvrtfc.ini
2007-12-19 07:23 . 2007-12-20 08:59 987,356 ---hs---- C:\WINDOWS\system32\snniefuf.ini
2007-12-18 08:26 . 2007-12-20 15:04 <REP> d-------- C:\Program Files\Opera
2007-12-18 07:22 . 2007-12-19 07:22 985,577 ---hs---- C:\WINDOWS\system32\rbetqbdx.ini
2007-12-17 07:32 . 2007-12-18 07:19 969,829 ---hs---- C:\WINDOWS\system32\lbjqlpkh.ini
2007-12-16 18:59 . 2007-12-16 18:59 <REP> d-------- C:\Program Files\Stormregion
2007-12-15 19:58 . 2007-12-16 12:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-15 19:48 . 2007-12-17 07:31 969,580 ---hs---- C:\WINDOWS\system32\aygaefho.ini
2007-12-15 10:30 . 2007-12-15 10:30 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-14 19:06 . 2007-12-15 19:43 971,730 ---hs---- C:\WINDOWS\system32\japdxvre.ini
2007-12-13 19:06 . 2007-12-14 17:27 937,962 ---hs---- C:\WINDOWS\system32\wfypxsvm.ini
2007-12-13 11:42 . 2007-12-13 11:42 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ArcSoft
2007-12-12 21:18 . 2007-12-12 21:18 <REP> d-------- C:\Program Files\MSBuild
2007-12-12 21:16 . 2007-12-12 21:16 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-12 21:12 . 2007-12-12 21:12 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-12 21:10 . 2007-12-12 21:17 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-12 21:05 . 2007-12-12 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 18:36 . 2007-12-04 18:36 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-04 16:03 . 2007-12-04 16:03 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-04 16:03 . 2007-12-04 16:03 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-30 10:34 . 2007-12-01 07:58 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-11-30 10:34 . 2007-12-01 07:58 35,060 --a------ C:\WINDOWS\scunin.dat
2007-11-30 10:34 . 2007-12-01 07:58 967 --a------ C:\WINDOWS\ScUnin.pif
2007-11-30 10:33 . 2007-12-01 07:59 <REP> d-------- C:\Program Files\Starcraft
2007-11-30 10:23 . 2007-12-01 08:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-29 09:37 . 2007-11-29 09:37 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Command & Conquer 3 Tiberium Wars
2007-11-27 17:58 . 1996-08-16 13:49 298,496 --a------ C:\WINDOWS\uninst.exe
2007-11-25 15:00 . 2007-11-25 15:01 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Canon
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ScanSoft
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-25 14:49 . 2007-11-25 14:49 416 --a------ C:\WINDOWS\MAXLINK.INI
2007-11-25 14:48 . 2007-11-25 14:48 <REP> d-------- C:\Program Files\ScanSoft
2007-11-25 14:46 . 2007-11-25 14:46 <REP> d-------- C:\Program Files\ArcSoft
2007-11-25 14:46 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-25 14:44 . 2007-11-25 14:44 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-25 14:44 . 2007-11-25 14:44 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-25 14:44 . 2006-07-20 07:51 1,298,432 --a------ C:\WINDOWS\system32\CNCC160.DLL
2007-11-25 14:44 . 2006-09-12 21:00 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-11-25 14:44 . 2006-05-26 02:54 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2007-11-25 14:44 . 2006-06-29 06:29 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2007-11-25 14:44 . 2006-07-20 07:51 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2007-11-25 14:43 . 2007-11-25 14:43 <REP> d--h----- C:\Program Files\CanonBJ
2007-11-22 08:59 . 2007-11-22 08:59 528 --a------ C:\WINDOWS\eReg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 18:43 21,140 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-12-12 20:18 --------- d-----w C:\Program Files\Microsoft Works
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-25 13:53 --------- d-----w C:\Program Files\Canon
2007-11-25 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 08:02 --------- d-----w C:\Program Files\IZArc
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 21:48 --------- d-----w C:\Program Files\RSSoft
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37AC6867-229C-40BA-BE57-8CB6C7A69D92}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEBF6926-DBA6-4100-A838-1CED0169AB78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
2007-07-31 15:33 1391640 --a------ C:\Program Files\free-downloads\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{D3E23B4B-F153-4687-82C2-816319DD3C5A}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= C:\Program Files\free-downloads\tbfree.dll [2007-07-31 15:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 15:12]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 11:22]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 01:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-21 01:06 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-19 05:19]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-22 03:13]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-09 22:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 22:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 22:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-09 22:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-09 22:00]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 15:38]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"d8642aa3"="C:\WINDOWS\system32\cftrvvxu.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04aac5b1-ae01-11db-ae71-0018f387d82a}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-01-26 17:01:25 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 08:00:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 8:02:36 - machine was rebooted
.
2007-12-12 08:53:58 --- E O F ---

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Je joint un nouveau rapport Hjackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08:56, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [d8642aa3] rundll32.exe "C:\WINDOWS\system32\cftrvvxu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephrugby83.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://stephrugby83.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 12562 bytes

VertigO · Modérateur Inscrit le: 18 Sep 2007 Messages: 294

Salut,

Il serait temps de faire attention à ce que tu fais sur internet !

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

resalut vertigO :

voici d'abord le rappord de combofix :

ComboFix 07-12-21.4 - HP_Administrateur 2007-12-22 16:38:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.554 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aygaefho.ini
C:\WINDOWS\system32\japdxvre.ini
C:\WINDOWS\system32\lbjqlpkh.ini
C:\WINDOWS\system32\rbetqbdx.ini
C:\WINDOWS\system32\snniefuf.ini
C:\WINDOWS\system32\uxvvrtfc.ini
C:\WINDOWS\system32\wfypxsvm.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aygaefho.ini
C:\WINDOWS\system32\japdxvre.ini
C:\WINDOWS\system32\lbjqlpkh.ini
C:\WINDOWS\system32\rbetqbdx.ini
C:\WINDOWS\system32\snniefuf.ini
C:\WINDOWS\system32\uxvvrtfc.ini
C:\WINDOWS\system32\wfypxsvm.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.

2007-12-22 11:45 . 2007-12-22 12:10 717,824 --a------ C:\Pr%c3%a9sentation4.pps
2007-12-21 09:52 . 2007-12-21 09:52 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 09:24 . 2007-12-21 09:39 <REP> d-------- C:\Program Files\Panda Security
2007-12-21 08:25 . 2007-12-21 08:28 <REP> d-------- C:\Program Files\SpywareBlaster
2007-12-21 08:25 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-21 07:29 . 2007-12-21 07:29 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft
2007-12-21 07:29 . 2007-12-21 07:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 07:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-21 06:54 . 2007-12-22 08:44 <REP> d-------- C:\Chasse spy
2007-12-20 14:18 . 2007-12-20 14:18 <REP> d-------- C:\Program Files\Lavasoft
2007-12-20 13:35 . 2007-12-20 13:37 5,706 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-18 08:26 . 2007-12-20 15:04 <REP> d-------- C:\Program Files\Opera
2007-12-16 18:59 . 2007-12-16 18:59 <REP> d-------- C:\Program Files\Stormregion
2007-12-15 19:58 . 2007-12-16 12:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-15 10:30 . 2007-12-15 10:30 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-13 11:42 . 2007-12-13 11:42 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ArcSoft
2007-12-12 21:18 . 2007-12-12 21:18 <REP> d-------- C:\Program Files\MSBuild
2007-12-12 21:16 . 2007-12-12 21:16 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-12 21:12 . 2007-12-12 21:12 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-12 21:10 . 2007-12-12 21:17 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-12 21:05 . 2007-12-12 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 18:36 . 2007-12-04 18:36 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-04 16:03 . 2007-12-04 16:03 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-04 16:03 . 2007-12-04 16:03 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-30 10:34 . 2007-12-01 07:58 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-11-30 10:34 . 2007-12-01 07:58 35,060 --a------ C:\WINDOWS\scunin.dat
2007-11-30 10:34 . 2007-12-01 07:58 967 --a------ C:\WINDOWS\ScUnin.pif
2007-11-30 10:33 . 2007-12-01 07:59 <REP> d-------- C:\Program Files\Starcraft
2007-11-30 10:23 . 2007-12-01 08:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-29 09:37 . 2007-11-29 09:37 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Command & Conquer 3 Tiberium Wars
2007-11-27 17:58 . 1996-08-16 13:49 298,496 --a------ C:\WINDOWS\uninst.exe
2007-11-25 15:00 . 2007-11-25 15:01 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Canon
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ScanSoft
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-25 14:49 . 2007-11-25 14:49 416 --a------ C:\WINDOWS\MAXLINK.INI
2007-11-25 14:48 . 2007-11-25 14:48 <REP> d-------- C:\Program Files\ScanSoft
2007-11-25 14:46 . 2007-11-25 14:46 <REP> d-------- C:\Program Files\ArcSoft
2007-11-25 14:46 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-25 14:44 . 2007-11-25 14:44 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-25 14:44 . 2007-11-25 14:44 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-25 14:44 . 2006-07-20 07:51 1,298,432 --a------ C:\WINDOWS\system32\CNCC160.DLL
2007-11-25 14:44 . 2006-09-12 21:00 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-11-25 14:44 . 2006-05-26 02:54 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2007-11-25 14:44 . 2006-06-29 06:29 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2007-11-25 14:44 . 2006-07-20 07:51 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2007-11-25 14:43 . 2007-11-25 14:43 <REP> d--h----- C:\Program Files\CanonBJ
2007-11-22 08:59 . 2007-11-22 08:59 528 --a------ C:\WINDOWS\eReg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 18:43 21,140 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-12-12 20:18 --------- d-----w C:\Program Files\Microsoft Works
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-25 13:53 --------- d-----w C:\Program Files\Canon
2007-11-25 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 08:02 --------- d-----w C:\Program Files\IZArc
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 21:48 --------- d-----w C:\Program Files\RSSoft
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-22_ 8.02.11.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-22 15:00:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
2007-07-31 15:33 1391640 --a------ C:\Program Files\free-downloads\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{D3E23B4B-F153-4687-82C2-816319DD3C5A}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= C:\Program Files\free-downloads\tbfree.dll [2007-07-31 15:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 15:12]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 11:22]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 01:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-21 01:06 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-19 05:19]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-22 03:13]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-09 22:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 22:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 22:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-09 22:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-09 22:00]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 15:38]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"d8642aa3"="C:\WINDOWS\system32\cftrvvxu.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04aac5b1-ae01-11db-ae71-0018f387d82a}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-01-26 17:01:25 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 16:40:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 16:41:21
.
2007-12-12 08:53:58 --- E O F ---

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Sinon mes problèmes semble bien avoir disparus.
J'ai refait un scan Panda dont voici le résultat :

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-22 17:19:00
PROTECTIONS: 2
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2006 2006 Yes Yes
avast! antivirus 4.7.1098 [VPS 071221-0] 4.7.1098 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@xiti[1].txt
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Comme tu peut le voir Virtumonde n'apparait plus (juste un probleme mineur de cookie), mon PC a donc l'air clean grâce à toi (à part Norton desinstallé depuis longtemps mais qui continu d'apparaitre comme présent et actif ; pire qu'un spyware Content

).

Sinon pour ça :

VertigO · Modérateur Inscrit le: 18 Sep 2007 Messages: 294

A nouveau salut,

Il reste tout de même des infections sur ton ordinateur. Je te donnerai des conseils pour la protection de ton PC à la fin de la désinfection.

HiJackThis

- Relance HiJackThis avec l'option "Do a system Scan Only".
- Coches ces lignes:

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Reresalut voila le rapport de Clean :

22/12/2007 a 18:30:00.70

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files

VertigO · Modérateur Inscrit le: 18 Sep 2007 Messages: 294

Le rapport est pas tout à fait complet. Y a-t-il quelque chose après ceci:

Deidara · Membre Inscrit le: 21 Déc 2007 Messages: 12

Le rapport de Clean était bien complet
voici le rapport Hjackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:24, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A2