
Google redirection malware (RESOLVED)


Hello everyone,

I've had a problem for a little while: when I do a search with Google and click on a link, I'm most often redirected to dubious sites...
In the FixWareout report I can see that something is wrong (notably "yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe"), but I have absolutely no idea how to proceed next...
Can you help me?

Many thanks

Fred.

PS: I'm attaching the report.



System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ShowLOMControl"=dword:00000001
"NexusServer"="\"C:\\Program Files\\Fichiers communs\\Canopus Shared\\ProCoder 2\\Kernel\\PNXSERVR.exe\" -SelfLaunch"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"WD Button Manager"="WDBtnMgr.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\" /d=60"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="\"C:\\Program Files\\uTorrent\\utorrent.exe\""
"yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Message edited by lunef on 14-01-2008 at 19:03:35

Hello,

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Thank you very much, Angeldark.

Here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:02, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\p2csvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.219\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38FB1156-70AC-4258-AF4B-FFC0B450B81C} - c:\windows\system32\cmutilk.dll
O2 - BHO: (no name) - {E8E8C2FE-D1AD-4E0D-B494-62B2EBD206ED} - C:\WINDOWS\system32\dpnlobbyr.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [yp66odyiz] C:\WINDOWS\system32\yp66odyiz.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [yp66odyiz] C:\WINDOWS\system32\yp66odyiz.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: e-Backup 1.42 Scheduler.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: P2 Card Manager.lnk = C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: fieaqpbw - C:\WINDOWS\SYSTEM32\cmutilk.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10216 bytes

Reply to lunef

Re,

Download DelDomains.inf (by Mike Burgess) to your Desktop.
**If you use Firefox: right-click the link and choose "Save Link Target As..."**

  • Right-click the file, then choose "Install" from the context menu.
  • The script installs quickly and no confirmation is shown on screen; this is normal.


&

Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

OK, here is the scan.
Small problem after the reboot: I was asked for a password to log on... I've never had one. Had to restart, no more problem afterwards.

Thanks again!



ComboFix 08-01-09.2 - Admin 2008-01-13 20:24:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1486 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\cmutilk.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SEDWDXVX
-------\sedwdxvx


((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
.

2008-01-13 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 11:01 . 2008-01-13 15:15 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-12 00:54 . 2008-01-12 00:54 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
2008-01-12 00:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 00:09 . 2008-01-12 00:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-11 20:20 . 2007-11-16 10:53 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-11 20:20 . 2007-11-16 11:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-11 20:20 . 2007-11-16 11:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-11 20:20 . 2007-11-16 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-11 20:20 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Lavasoft
2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 18:54 . 2008-01-11 18:54 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-01-11 18:54 . 2008-01-11 18:54 741,632 --a------ C:\WINDOWS\system32\idmkahmt.dat
2008-01-11 18:54 . 2008-01-11 18:54 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-01-11 18:54 . 2008-01-11 18:54 120,576 --a------ C:\WINDOWS\system32\eorrkkxy.dat
2008-01-11 18:54 . 2008-01-11 18:54 42,240 --a------ C:\WINDOWS\system32\wfzcvxhd.dat
2008-01-11 18:54 . 2008-01-12 18:58 36,608 --a------ C:\WINDOWS\system32\mhcmqlby.dat
2008-01-11 18:54 . 2008-01-11 18:54 35,072 --a------ C:\WINDOWS\system32\jvgjgzbr.dat
2008-01-11 17:54 . 2008-01-11 18:50 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-01-11 16:12 . 19,584 C:\WINDOWS\system32\drivers\vlqasnuj.dat
2008-01-11 16:05 . 2008-01-13 20:26 83,968 --a------ C:\WINDOWS\system32\cmutilk.dll
2008-01-11 16:04 . 2004-08-19 17:08 83,968 --a------ C:\WINDOWS\system32\dpnlobbyr.dll
2008-01-10 00:00 . 2008-01-10 00:16 64,309 --a------ C:\PokerStars.log.0
2008-01-08 11:06 . 2008-01-08 11:06 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Canon
2008-01-08 11:05 . 2005-07-26 13:44 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Program Files\Canon
2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-01-08 10:53 . 2002-05-14 11:57 305,664 --a------ C:\WINDOWS\IsUninst.exe
2008-01-08 10:52 . 2002-04-12 20:23 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
2008-01-08 10:52 . 2001-04-11 02:10 327,740 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-01-08 10:52 . 2002-04-26 18:37 32,768 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-01-04 10:59 . 2005-07-26 13:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-04 10:59 . 2005-07-26 13:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-04 10:59 . 2005-07-26 13:43 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-04 10:59 . 2005-07-26 13:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-03 13:37 . 2008-01-03 15:16 295 --a------ C:\WINDOWS\MindMan.INI
2008-01-03 09:17 . 2005-07-26 13:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-01-03 09:17 . 2005-07-26 13:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-01-03 09:17 . 2005-07-26 13:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-12-25 23:10 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-25 23:09 . 2007-12-25 23:09 <REP> d-------- C:\Program Files\Real
2007-12-25 23:09 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-21 00:37 . 2008-01-13 12:02 <REP> d-------- C:\Program Files\eMule
2007-12-17 13:03 . 2001-11-30 16:49 1,335,648 --a------ C:\WINDOWS\system32\Sbe6_32.dll
2007-12-17 13:03 . 2001-06-20 19:21 1,056,768 --a------ C:\WINDOWS\system32\RoboEx32.dll
2007-12-17 13:03 . 2001-11-30 16:49 558,656 --a------ C:\WINDOWS\system32\Sb6ent.ocx
2007-12-17 13:03 . 2001-11-30 16:49 329,423 --a------ C:\WINDOWS\system32\Sbe6_000.hlp
2007-12-17 13:03 . 2001-11-30 16:49 102,400 --a------ C:\WINDOWS\system32\Sbe6@fra.dll
2007-12-17 13:03 . 2001-06-20 19:21 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-12-17 13:03 . 2001-11-30 16:49 6,537 --a------ C:\WINDOWS\system32\Sbe6_000.cnt
2007-12-17 08:35 . 2007-12-17 08:35 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 19:26 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-01-13 02:12 --------- d-----w C:\Program Files\PokerStars
2008-01-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-12-30 21:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\TribalWeb
2007-12-11 08:20 --------- d-----w C:\Program Files\hp deskjet 845c series
2007-12-11 08:18 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-09 13:12 --------- d-----w C:\Program Files\FileZilla
2007-12-06 22:14 --------- d-----w C:\Program Files\QuickTime
2007-12-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-06 14:23 --------- d-----w C:\Program Files\PowerPoint Viewer
2007-12-05 18:37 --------- d-----w C:\Program Files\Panasonic P2
2007-12-04 17:53 28,912 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2007-11-30 19:57 --------- d-----w C:\Program Files\TribalWeb.net
2007-11-29 18:07 --------- d-----w C:\Program Files\Winamp
2007-11-29 17:47 --------- d-----w C:\Program Files\uTorrent
2007-11-26 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 09:03 --------- d-----w C:\Program Files\Avid
2007-11-26 09:02 --------- d-----w C:\Program Files\SafeNet Sentinel
2007-11-26 09:01 --------- d-----w C:\Program Files\Fichiers communs\Avid
2007-11-26 08:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-26 08:40 --------- d-----w C:\Program Files\RegCleaner
2007-11-26 08:39 --------- d-----w C:\Program Files\QuickTime(2)
2007-11-26 08:39 --------- d-----w C:\Program Files\Avid(3)
2007-11-26 08:39 --------- d-----w C:\Program Files\Apple Software Update
2007-11-26 08:36 --------- d-----w C:\Program Files\Avid(2)
2007-11-19 07:03 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2007-11-19 07:01 --------- d-----w C:\Program Files\Fichiers communs\SafeNet Sentinel
2007-11-19 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-19 06:38 --------- d-----w C:\Program Files\Mindjet
2007-11-17 21:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\vlc
2007-11-17 21:34 --------- d-----w C:\Program Files\VideoLAN
2007-11-16 11:47 --------- d-----w C:\Program Files\Western Digital Technologies
2007-11-16 11:47 --------- d-----w C:\Program Files\My Book
2007-11-16 11:46 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2007-11-16 11:22 --------- d-----w C:\Documents and Settings\Admin\Application Data\Canopus
2007-11-16 11:19 --------- d-----w C:\Program Files\VERITAS Software
2007-11-16 11:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\VERITAS
2007-11-16 11:16 --------- d-----w C:\Program Files\Windows Media Components
2007-11-16 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-16 11:14 --------- d-----w C:\Program Files\Ulead Systems
2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\SONY Digital Images
2007-11-16 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-16 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Canopus
2007-11-16 11:05 --------- d-----w C:\Program Files\DivX
2007-11-16 11:04 --------- d-----w C:\Program Files\Fichiers communs\Canopus Shared
2007-11-16 11:04 --------- d-----w C:\Program Files\Canopus
2007-11-16 11:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 10:59 --------- d-----w C:\Program Files\nfoViewer
2007-11-16 10:50 --------- d-----w C:\Program Files\Kerio
2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-16 10:46 --------- d-----w C:\Program Files\Inachis
2007-11-16 10:20 --------- d-----w C:\Program Files\Dell
2007-11-16 10:16 --------- d-----w C:\Program Files\Intel
2007-11-16 10:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Logitech
2007-11-16 10:13 --------- d-----w C:\Program Files\SetPoint
2007-11-16 10:13 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-16 10:11 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 10:11 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-16 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 10:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\Intel
2007-11-16 10:10 --------- d-----w C:\Program Files\Broadcom
2007-11-16 10:08 --------- d-----w C:\Program Files\Synaptics
2007-11-16 10:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-16 10:05 --------- d-----w C:\Program Files\CONEXANT
2007-11-16 10:03 --------- d-----w C:\Program Files\SigmaTel
2007-11-16 09:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-16 09:56 --------- d-----w C:\Program Files\Services en ligne
2007-11-16 09:55 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FB1156-70AC-4258-AF4B-FFC0B450B81C}]
2008-01-13 20:26 83968 --a------ c:\windows\system32\cmutilk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E8C2FE-D1AD-4E0D-B494-62B2EBD206ED}]
2004-08-19 17:08 83968 --a------ C:\WINDOWS\system32\dpnlobbyr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 21:17 177152]
"yp66odyiz"="C:\WINDOWS\system32\yp66odyiz.exe" [ ]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-14 11:40 5304320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 12:17 282624 C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:38 7118848]
"nwiz"="nwiz.exe" [2005-12-14 20:38 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 10:45 839680]
"ShowLOMControl"="1 (0x1)" []
"NexusServer"="C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 01:41 188416]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 00:01 155648]
"WD Button Manager"="WDBtnMgr.exe" [2007-11-16 12:46 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 13:28 196608]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-25 23:10 185896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 16:38 28160 C:\WINDOWS\KHALMNPR.Exe]
"yp66odyiz"="C:\WINDOWS\system32\yp66odyiz.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-12 10:34 579072]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-12 10:34 406528]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-12 11:07 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-12 10:34 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 12:24 341]
"nlsf"="cmd.exe" [2004-08-19 17:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

R0 wghwufgi;wghwufgi;C:\WINDOWS\system32\drivers\vlqasnuj.dat []
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-09 10:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 20:37:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 20:40:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 19:40:29

Reply to lunef

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

Driver::
wghwufgi

Rootkit::
c:\windows\system32\cmutilk.dll
C:\WINDOWS\system32\dpnlobbyr.dll

File::
C:\WINDOWS\system32\idmkahmt.dat
C:\WINDOWS\system32\eorrkkxy.dat
C:\WINDOWS\system32\wfzcvxhd.dat
C:\WINDOWS\system32\mhcmqlby.dat
C:\WINDOWS\system32\jvgjgzbr.dat
C:\WINDOWS\system32\drivers\vlqasnuj.dat
C:\WINDOWS\system32\yp66odyiz.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FB1156-70AC-4258-AF4B-FFC0B450B81C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E8C2FE-D1AD-4E0D-B494-62B2EBD206ED}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yp66odyiz"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yp66odyiz"=-



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark
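The CFScript above was written by hand after reading the reports: the helper picked out a "driver" whose image is a .dat file with no file timestamp (the R0 wghwufgi line) and a Run value whose letter/digit name launches an executable of the same name straight from system32 (yp66odyiz). The following Python script is an added example, not part of this thread or of ComboFix/HijackThis, that applies those same two triage heuristics to report lines. The sample lines are constructed here from the shape of the reports pasted above so that the script runs offline; the function and regex names are my own.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines, modelled on the ComboFix service and "Run" key
# entries pasted in this thread (embedded so the script runs offline).
SAMPLE_LINES = [
    r'R0 wghwufgi;wghwufgi;C:\WINDOWS\system32\drivers\vlqasnuj.dat []',
    r'R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]',
    r'S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]',
    r'"yp66odyiz"="C:\WINDOWS\system32\yp66odyiz.exe"',
    r'"nwiz"="nwiz.exe" [2005-12-14 20:38 1519616 C:\WINDOWS\system32\nwiz.exe]',
    r'"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]',
]

# ComboFix service line: "<start> <name>;<display name>;<image path> [<file timestamp>]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$')
# ComboFix "Run" value line: "<name>"="<command>" [<file details>]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?\s*$')
# First executable token of a command, quoted or not, possibly with arguments after it
EXE_TOKEN_RE = re.compile(r'^"?(.*?\.(?:exe|dll|cpl|cmd|bat|scr))"?(?:\s|$)', re.IGNORECASE)
# Extensions a service or driver image is expected to carry
SERVICE_IMAGE_EXTS = {'.sys', '.exe', '.dll'}
# Value names such as "yp66odyiz": letters, then digits, then letters again
MIXED_NAME_RE = re.compile(r'^[a-z]+\d+[a-z]+$', re.IGNORECASE)


def exe_from_command(command):
    """Return the executable path at the start of a Run command."""
    m = EXE_TOKEN_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def check_line(line):
    """Return a list of (reason, line) findings for one report line."""
    findings = []
    m = SERVICE_RE.match(line)
    if m:
        _start, name, _display, image, stamp = m.groups()
        ext = PureWindowsPath(image).suffix.lower()
        # A kernel driver or service loaded from a .dat (or other odd) file
        if ext not in SERVICE_IMAGE_EXTS:
            findings.append((f'service {name}: image has unexpected extension {ext!r}', line))
        # ComboFix prints "[]" when it could not read the image file's timestamp
        if not stamp.strip():
            findings.append((f'service {name}: no file timestamp recorded for image', line))
        return findings
    m = RUN_RE.match(line)
    if m:
        name, command, _details = m.groups()
        exe = PureWindowsPath(exe_from_command(command))
        # Letter/digit value name that launches a same-named file from system32
        if (exe.stem.lower() == name.lower() and MIXED_NAME_RE.match(exe.stem)
                and str(exe.parent).lower().endswith('system32')):
            findings.append((f'run value {name}: letter/digit name launches {exe} from system32', line))
    return findings


def scan_report(lines):
    """Apply check_line to every line and collect the findings."""
    findings = []
    for line in lines:
        findings.extend(check_line(line))
    return findings


if __name__ == '__main__':
    for reason, line in scan_report(SAMPLE_LINES):
        print(f'{reason}\n    {line}')
```

Run against the constructed sample, the script flags only the two entries the CFScript removed (the .dat driver twice, once per heuristic, and the yp66odyiz Run value) and leaves the Kerio, Panasonic, nwiz and Synaptics entries alone. The heuristics are deliberately narrow: a pseudo-random name alone is not proof of malware, which is why the human reviewer in this thread combined it with the odd extension, the missing timestamp and the matching names before writing the script.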

OK, here's the ComboFix report:


ComboFix 08-01-09.2 - Admin 2008-01-14 6:59:53.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1546 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Bureau\CFScript.txt..txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\vlqasnuj.dat
C:\WINDOWS\system32\eorrkkxy.dat
C:\WINDOWS\system32\idmkahmt.dat
C:\WINDOWS\system32\jvgjgzbr.dat
C:\WINDOWS\system32\mhcmqlby.dat
C:\WINDOWS\system32\wfzcvxhd.dat
C:\WINDOWS\system32\yp66odyiz.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cmutilk.dll
C:\WINDOWS\system32\dpnlobbyr.dll
C:\WINDOWS\system32\drivers\vlqasnuj.dat
C:\WINDOWS\system32\eorrkkxy.dat
C:\WINDOWS\system32\idmkahmt.dat
C:\WINDOWS\system32\jvgjgzbr.dat
C:\WINDOWS\system32\mhcmqlby.dat
C:\WINDOWS\system32\wfzcvxhd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SEDWDXVX
-------\LEGACY_WGHWUFGI
-------\sedwdxvx
-------\wghwufgi


((((((((((((((((((((((((((((( Fichiers créés 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
.

2008-01-13 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 11:01 . 2008-01-13 15:15 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-12 00:54 . 2008-01-12 00:54 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
2008-01-12 00:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 00:09 . 2008-01-12 00:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-11 20:20 . 2007-11-16 10:53 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-11 20:20 . 2007-11-16 11:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-11 20:20 . 2007-11-16 11:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-11 20:20 . 2007-11-16 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-11 20:20 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Lavasoft
2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 18:54 . 2008-01-11 18:54 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-01-11 18:54 . 2008-01-11 18:54 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-01-11 17:54 . 2008-01-11 18:50 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-01-10 00:00 . 2008-01-10 00:16 64,309 --a------ C:\PokerStars.log.0
2008-01-08 11:06 . 2008-01-08 11:06 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Canon
2008-01-08 11:05 . 2005-07-26 13:44 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Program Files\Canon
2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-01-08 10:53 . 2002-05-14 11:57 305,664 --a------ C:\WINDOWS\IsUninst.exe
2008-01-08 10:52 . 2002-04-12 20:23 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
2008-01-08 10:52 . 2001-04-11 02:10 327,740 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-01-08 10:52 . 2002-04-26 18:37 32,768 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-01-04 10:59 . 2005-07-26 13:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-04 10:59 . 2005-07-26 13:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-04 10:59 . 2005-07-26 13:43 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-04 10:59 . 2005-07-26 13:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-03 13:37 . 2008-01-03 15:16 295 --a------ C:\WINDOWS\MindMan.INI
2008-01-03 09:17 . 2005-07-26 13:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-01-03 09:17 . 2005-07-26 13:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-01-03 09:17 . 2005-07-26 13:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-12-25 23:10 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-25 23:09 . 2007-12-25 23:09 <REP> d-------- C:\Program Files\Real
2007-12-25 23:09 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-21 00:37 . 2008-01-14 06:51 <REP> d-------- C:\Program Files\eMule
2007-12-17 13:03 . 2001-11-30 16:49 1,335,648 --a------ C:\WINDOWS\system32\Sbe6_32.dll
2007-12-17 13:03 . 2001-06-20 19:21 1,056,768 --a------ C:\WINDOWS\system32\RoboEx32.dll
2007-12-17 13:03 . 2001-11-30 16:49 558,656 --a------ C:\WINDOWS\system32\Sb6ent.ocx
2007-12-17 13:03 . 2001-11-30 16:49 329,423 --a------ C:\WINDOWS\system32\Sbe6_000.hlp
2007-12-17 13:03 . 2001-11-30 16:49 102,400 --a------ C:\WINDOWS\system32\Sbe6@fra.dll
2007-12-17 13:03 . 2001-06-20 19:21 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-12-17 13:03 . 2001-11-30 16:49 6,537 --a------ C:\WINDOWS\system32\Sbe6_000.cnt
2007-12-17 08:35 . 2007-12-17 08:35 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 06:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-01-13 23:00 --------- d-----w C:\Program Files\PokerStars
2008-01-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-12-30 21:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\TribalWeb
2007-12-11 08:20 --------- d-----w C:\Program Files\hp deskjet 845c series
2007-12-11 08:18 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-09 13:12 --------- d-----w C:\Program Files\FileZilla
2007-12-06 22:14 --------- d-----w C:\Program Files\QuickTime
2007-12-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-06 14:23 --------- d-----w C:\Program Files\PowerPoint Viewer
2007-12-05 18:37 --------- d-----w C:\Program Files\Panasonic P2
2007-12-04 17:53 28,912 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2007-11-30 19:57 --------- d-----w C:\Program Files\TribalWeb.net
2007-11-29 18:07 --------- d-----w C:\Program Files\Winamp
2007-11-29 17:47 --------- d-----w C:\Program Files\uTorrent
2007-11-26 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 09:03 --------- d-----w C:\Program Files\Avid
2007-11-26 09:02 --------- d-----w C:\Program Files\SafeNet Sentinel
2007-11-26 09:01 --------- d-----w C:\Program Files\Fichiers communs\Avid
2007-11-26 08:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-26 08:40 --------- d-----w C:\Program Files\RegCleaner
2007-11-26 08:39 --------- d-----w C:\Program Files\QuickTime(2)
2007-11-26 08:39 --------- d-----w C:\Program Files\Avid(3)
2007-11-26 08:39 --------- d-----w C:\Program Files\Apple Software Update
2007-11-26 08:36 --------- d-----w C:\Program Files\Avid(2)
2007-11-19 07:03 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2007-11-19 07:01 --------- d-----w C:\Program Files\Fichiers communs\SafeNet Sentinel
2007-11-19 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-19 06:38 --------- d-----w C:\Program Files\Mindjet
2007-11-17 21:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\vlc
2007-11-17 21:34 --------- d-----w C:\Program Files\VideoLAN
2007-11-16 11:47 --------- d-----w C:\Program Files\Western Digital Technologies
2007-11-16 11:47 --------- d-----w C:\Program Files\My Book
2007-11-16 11:46 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2007-11-16 11:22 --------- d-----w C:\Documents and Settings\Admin\Application Data\Canopus
2007-11-16 11:19 --------- d-----w C:\Program Files\VERITAS Software
2007-11-16 11:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\VERITAS
2007-11-16 11:16 --------- d-----w C:\Program Files\Windows Media Components
2007-11-16 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-16 11:14 --------- d-----w C:\Program Files\Ulead Systems
2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\SONY Digital Images
2007-11-16 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-16 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Canopus
2007-11-16 11:05 --------- d-----w C:\Program Files\DivX
2007-11-16 11:04 --------- d-----w C:\Program Files\Fichiers communs\Canopus Shared
2007-11-16 11:04 --------- d-----w C:\Program Files\Canopus
2007-11-16 11:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 10:59 --------- d-----w C:\Program Files\nfoViewer
2007-11-16 10:50 --------- d-----w C:\Program Files\Kerio
2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-16 10:46 --------- d-----w C:\Program Files\Inachis
2007-11-16 10:20 --------- d-----w C:\Program Files\Dell
2007-11-16 10:16 --------- d-----w C:\Program Files\Intel
2007-11-16 10:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Logitech
2007-11-16 10:13 --------- d-----w C:\Program Files\SetPoint
2007-11-16 10:13 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-16 10:11 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 10:11 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-16 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 10:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\Intel
2007-11-16 10:10 --------- d-----w C:\Program Files\Broadcom
2007-11-16 10:08 --------- d-----w C:\Program Files\Synaptics
2007-11-16 10:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-16 10:05 --------- d-----w C:\Program Files\CONEXANT
2007-11-16 10:03 --------- d-----w C:\Program Files\SigmaTel
2007-11-16 09:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-16 09:56 --------- d-----w C:\Program Files\Services en ligne
2007-11-16 09:55 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_20.40.01.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 19:24:07 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 05:59:36 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 19:24:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 05:59:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 19:24:08 3,342,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-14 05:59:36 3,354,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-13 19:24:08 65,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 05:59:37 65,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 19:24:08 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 05:59:37 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 19:24:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 05:59:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 21:17 177152]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-14 11:40 5304320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 12:17 282624 C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:38 7118848]
"nwiz"="nwiz.exe" [2005-12-14 20:38 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 10:45 839680]
"ShowLOMControl"="1 (0x1)" []
"NexusServer"="C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 01:41 188416]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 00:01 155648]
"WD Button Manager"="WDBtnMgr.exe" [2007-11-16 12:46 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 13:28 196608]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-25 23:10 185896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 16:38 28160 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-12 10:34 579072]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-12 10:34 406528]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-12 11:07 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-12 10:34 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 12:24 341]
"nlsf"="cmd.exe" [2004-08-19 17:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-09 10:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 07:03:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 7:06:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 06:06:21
ComboFix2.txt 2008-01-13 19:40:34





And now here's the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:11:05, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\p2csvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: e-Backup 1.42 Scheduler.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: P2 Card Manager.lnk = C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8556 bytes


Thanks.

Reply to lunef

No more apparent problem, great!
Nothing suspicious left?
A big, big thank you to you in any case!!!

Reply to lunef

I think it's OK :)

Disable then re-enable System Restore: see help

Now add [Résolu] to the title. To do this:
* In your first message, click the "Edit" button http://img.infos-du-net.com/forum/themes_static/images_forum/3/edit.gif
* Add the mention [Résolu] to the title
* Then click "Validate your message"

Read the guide on prevention and protection, so you don't run into this kind of problem again, by clicking on the image below:

http://www.malekal.com/fichiers/projetantimalwares/reagir_miniban.gif

Reply to Angeldark