programme malvaillant (résolu)
Forum Sécurité - Virus : programme malvaillant (résolu)
Bonjour,
En visitant un site, un programme malvaillant s'est installé sur mon ordinateur. En ayant winPatrol d'installer sur mon ordinateur, à titre d'exemple on me demande l'autorisation d'un nouveau BHO au nom de byXRLLIAq.dll ainsi que deux autres. Des pages s'ouvrent aussi sans cesse.
Je colle ci-joint mon rapport Hijackthis. S.V.P m'indiquer quoi supprimer.
Je vous remercie à l'avance pour votre aide.
Carole.
Logfile of HijackThis v1.99.1
Scan saved at 20:26:59, on 2008-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Jacques Derepentigny\Bureau\logiciels pour faire le ménage de l'ordinateur\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lemondedescroisieres.com/in [...] 78eb0df409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O16 - DPF: mapview - https://www.mobilus.ca/applet/mapview1028.cab
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc [...] ViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam [...] ontrol.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload [...] 0.0.9.cab?
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc [...] M/Acgm.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pmsoarbf - {E26884D9-73FD-4663-807E-6D0BAC770280} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {6D0DD7E0-F815-4071-BE5D-45D08FDC67A2} - C:\WINDOWS\omlbpkaw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Message édité par carolec27 le 16-04-2008 à 22:13:23
Bonjour,
Désactive tes protections résidentes (antivirus, Spybot...) !
- Télécharge Combofix (sUBs) sur ton Bureau.
- Double clique sur combofix.exe afin de le lancer.
- Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Répondre à Angeldark
Bonjour Angeldark et merci pour ton aide!
voici le rapport de combofix:
ComboFix 08-04-15.4 - Jacques Derepentigny 2008-04-16 8:15:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.574 [GMT -4:00]
Endroit: C:\Documents and Settings\Jacques Derepentigny\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jacques Derepentigny\Bureau\Error Cleaner.url
C:\Documents and Settings\Jacques Derepentigny\Bureau\Privacy Protector.url
C:\Documents and Settings\Jacques Derepentigny\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\Jacques Derepentigny\Favoris\Error Cleaner.url
C:\Documents and Settings\Jacques Derepentigny\Favoris\Privacy Protector.url
C:\Documents and Settings\Jacques Derepentigny\Favoris\Spyware&Malware Protection.url
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\byXRlIAq.dll
C:\WINDOWS\system32\ddcATlKA.dll
C:\WINDOWS\system32\qAIlRXyb.ini
C:\WINDOWS\system32\qAIlRXyb.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.
2008-04-15 20:03 . 2008-04-15 20:03 <REP> d-------- C:\Documents and Settings\Jacques Derepentigny\Application Data\TmpRecentIcons
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage r‚seau
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage d'impression
2008-04-15 18:19 . 2006-09-28 09:31 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\ModŠles
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Mes documents
2008-04-15 18:19 . 2005-10-21 22:00 <REP> dr------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Menu D‚marrer
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Favoris
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Bureau
2008-04-15 18:19 . 2008-04-15 18:19 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A
2008-04-15 18:07 . 2008-04-15 18:07 212,480 --a------ C:\WINDOWS\sysweb64a.dll
2008-04-15 18:07 . 2008-04-15 18:07 52 --a------ C:\smp.bat
2008-04-15 18:06 . 2008-04-15 14:07 258,048 --a------ C:\WINDOWS\lgmxvpatkmb.dll
2008-04-15 18:06 . 2008-04-15 14:07 217,088 --a------ C:\WINDOWS\omlbpkaw.dll
2008-04-15 18:06 . 2008-04-15 14:07 172,032 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-15 18:06 . 2008-04-15 14:07 151,552 --a------ C:\WINDOWS\qtvglped.dll
2008-04-15 18:06 . 2008-04-15 14:07 94,208 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-15 18:06 . 2008-04-15 14:07 81,920 --a------ C:\WINDOWS\rtqmekwg.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 12:22 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\POP Peeper
2008-04-16 12:07 --------- d-----w C:\Program Files\POP Peeper
2008-03-28 11:14 13,001,325 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-05 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-27 15:48 --------- d-----w C:\Program Files\Windows Live
2008-02-27 15:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 16:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-20 16:24 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\SUPERAntiSpyware.com
2008-02-20 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 16:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-11-25 20:23 23,073,081 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_13_44_33_full.dmp.zip
2007-11-25 18:45 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-25 18:44 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
2007-03-25 20:42 28,553,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_25_16_18_49_full.dmp.zip
2006-05-23 22:05 0 ----a-w C:\Program Files\yttqj.exe
2005-11-22 22:48 24,576 ----a-w C:\Documents and Settings\.viv\1132699728406playershim1161.dll
2005-11-09 22:47 56 --sha-r C:\WINDOWS\system32\7D4F000E10.sys
2005-11-09 22:47 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-09-02 20:08 664576 031ca1310e4cb23e5a4f747d763d0b49 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-10-20 23:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 00:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 01:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 07:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 04:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2004-08-05 08:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 07:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\wininet.dll
2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52676F4A-D830-4513-BE81-3A0C28B32C2F}]
2008-04-15 14:07 258048 --a------ C:\WINDOWS\lgmxvpatkmb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-11 19:09 1429504]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2006-08-15 14:01 230976]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 21:06 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmsoarbf"= {E26884D9-73FD-4663-807E-6D0BAC770280} - C:\WINDOWS\pmsoarbf.dll [2008-04-15 14:07 172032]
"omlbpkaw"= {6D0DD7E0-F815-4071-BE5D-45D08FDC67A2} - C:\WINDOWS\omlbpkaw.dll [2008-04-15 14:07 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcATlKA]
ddcATlKA.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Akimania.com.lnk]
backup=C:\WINDOWS\pss\Akimania.com.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant Internet.lnk]
backup=C:\WINDOWS\pss\Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SmartUI.lnk]
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jacques Derepentigny^Menu Démarrer^Programmes^Démarrage^SpamPal.lnk]
backup=C:\WINDOWS\pss\SpamPal.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 21:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-06-10 09:43 467968 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
--a------ 2003-07-07 17:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-05 23:41 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-05 23:45 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--a------ 2003-05-04 11:27 258116 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 14:12 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-05-19 10:24 385024 C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2005-05-19 19:38 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-05-04 20:28 14396416 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-11 21:41 25343016 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a------ 2003-05-15 16:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2005-05-23 09:57 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
S3 brparimg;Pilote d'image parallèle multifonction Brother;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
S3 BrParWdm;Pilote parallèle WDM Brother;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-23 17:01]
S3 BrSerWDM;Pilote série Brother;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 21:12]
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-08-26 13:37]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 08:23:36
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\Documents and Settings\Jacques Derepentigny\Local Settings\Application Data\Microsoft\Messenger\carolec27@hotmail.com\SharingMetadata\Working\database_5AEC_5711_EC56_E6B3\$db_clean$ 0 bytes
Scan termin‚ avec succŠs
Les fichiers cach‚s: 2
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 8:26:04 - machine was rebooted [Jacques Derepentigny]
ComboFix-quarantined-files.txt 2008-04-16 12:26:01
ComboFix2.txt 2007-01-15 19:59:50
Pre-Run: 76,317,356,032 octets libres
Post-Run: 76,346,159,104 octets libres
.
2008-04-12 00:55:35 --- E O F ---
Re,
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
petit problème! je copie l'intérieur du cadre, après sauvegarde et copie dans le bloc note sous CFScript.txt, combofix se charge mais ne s'exécute pas. Rien ne se passe.
Tu peux être un peu plus clair ? 
Répondre à Angeldark
je fais exactement ce que tu m'a dit plus haut, mais lorsque je glisse le fichier CFScript.txt dans Combofix.exe, celui-ci ne se relance pas, alors impossible pour moi de te poster les rapports demandés.
Tu peux supprimer ta version de Combofix pour recommencer ?
Répondre à Angeldark
J'ai fait comme demandé et ça marché, voici les deux rapports:
ComboFix 08-04-15.8 - Jacques Derepentigny 2008-04-16 15:04:56.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.580 [GMT -4:00]
Endroit: C:\Documents and Settings\Jacques Derepentigny\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jacques Derepentigny\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\rtqmekwg.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jacques Derepentigny\Bureau\Error Cleaner.url
C:\Documents and Settings\Jacques Derepentigny\Bureau\Privacy Protector.url
C:\Documents and Settings\Jacques Derepentigny\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\Jacques Derepentigny\Favoris\Error Cleaner.url
C:\Documents and Settings\Jacques Derepentigny\Favoris\Privacy Protector.url
C:\Documents and Settings\Jacques Derepentigny\Favoris\Spyware&Malware Protection.url
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\rtqmekwg.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.
2008-04-16 12:29 . 2008-04-16 12:50 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-15 20:03 . 2008-04-16 10:36 <REP> d-------- C:\Documents and Settings\Jacques Derepentigny\Application Data\TmpRecentIcons
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage réseau
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage d'impression
2008-04-15 18:19 . 2006-09-28 09:31 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Modèles
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Mes documents
2008-04-15 18:19 . 2005-10-21 22:00 <REP> dr------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Menu Démarrer
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Favoris
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Bureau
2008-04-15 18:19 . 2008-04-15 18:19 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A
2008-04-15 18:07 . 2008-04-15 18:07 212,480 --a------ C:\WINDOWS\sysweb64a.dll
2008-04-15 18:07 . 2008-04-15 18:07 52 --a------ C:\smp.bat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 13:12 --------- d-----w C:\Program Files\Trend Micro
2008-04-16 12:22 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\POP Peeper
2008-04-16 12:07 --------- d-----w C:\Program Files\POP Peeper
2008-03-28 11:14 13,001,325 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-05 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-27 15:48 --------- d-----w C:\Program Files\Windows Live
2008-02-27 15:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 16:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-20 16:24 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\SUPERAntiSpyware.com
2008-02-20 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 16:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-11-25 20:23 23,073,081 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_13_44_33_full.dmp.zip
2007-11-25 18:45 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-25 18:44 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
2007-03-25 20:42 28,553,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_25_16_18_49_full.dmp.zip
2006-05-23 22:05 0 ----a-w C:\Program Files\yttqj.exe
2005-11-22 22:48 24,576 ----a-w C:\Documents and Settings\.viv\1132699728406playershim1161.dll
2005-11-09 22:47 56 --sha-r C:\WINDOWS\system32\7D4F000E10.sys
2005-11-09 22:47 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-09-02 20:08 664576 031ca1310e4cb23e5a4f747d763d0b49 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-10-20 23:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 00:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 01:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 07:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 04:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2004-08-05 08:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 07:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\wininet.dll
2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-16_ 8.25.47.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 12:23:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 18:59:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-11 19:09 1429504]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2006-08-15 14:01 230976]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 21:06 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
C:\Documents and Settings\Jacques Derepentigny\Menu D‚marrer\Programmes\D‚marrage\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-25 09:13:04 118784]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Akimania.com.lnk]
backup=C:\WINDOWS\pss\Akimania.com.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant Internet.lnk]
backup=C:\WINDOWS\pss\Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SmartUI.lnk]
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jacques Derepentigny^Menu Démarrer^Programmes^Démarrage^SpamPal.lnk]
backup=C:\WINDOWS\pss\SpamPal.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 21:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-06-10 09:43 467968 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
--a------ 2003-07-07 17:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-05 23:41 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-05 23:45 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--a------ 2003-05-04 11:27 258116 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 14:12 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-05-19 10:24 385024 C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2005-05-19 19:38 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-05-04 20:28 14396416 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-11 21:41 25343016 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a------ 2003-05-15 16:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2005-05-23 09:57 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
S3 brparimg;Pilote d'image parallèle multifonction Brother;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
S3 BrParWdm;Pilote parallèle WDM Brother;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-23 17:01]
S3 BrSerWDM;Pilote série Brother;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 21:12]
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-08-26 13:37]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 15:06:56
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Temps d'accomplissement: 2008-04-16 15:07:53
ComboFix-quarantined-files.txt 2008-04-16 19:07:50
ComboFix2.txt 2008-04-16 12:26:06
ComboFix3.txt 2007-01-15 19:59:50
Pre-Run: 76,331,679,744 octets libres
Post-Run: 76,320,022,528 octets libres
.
2008-04-12 00:55:35 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:57, on 2008-04-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lemondedescroisieres.com/in [...] 78eb0df409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O16 - DPF: mapview - https://www.mobilus.ca/applet/mapview1028.cab
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc [...] ViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9645449937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam [...] ontrol.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload [...] 0.0.9.cab?
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc [...] M/Acgm.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7022 bytes
Encore des soucis ?
Répondre à Angeldark
Tout m'apparait bien fonctionner, je te remercie Angeldark, c'est vraiment un service de pro.
Bon surf 
- Télécharge ToolsCleaner sur ton Bureau.
- Clique sur Recherche et laisse le scan se terminer.
- Clique sur Suppression pour finaliser.
- Clique sur Quitter, pour que le rapport puisse se créer.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
Désactive puis réactive la restauration du système : Voir aide
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" 
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :
Répondre à Angeldark
Il y a 2568 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
