Virus
Hello,
So, I have ads popping up on my PC and it tells me I have viruses. What should I do, please?
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\administrateur\local settings\application data\qguqqqc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [qguqqqc] "c:\documents and settings\administrateur\local settings\application data\qguqqqc.exe" qguqqqc
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/inst [...] -kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V0 [...] /CTPID.cab
O20 - Winlogon Notify: 8437bb70509 - C:\WINDOWS\System32\ds32gt32.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 8239 bytes
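The checks a helper applies by eye to a log like the one above can be scripted. The Python below is an added example, not part of this thread and not Angeldark's procedure: it parses the O2, O4, O20 and O23 lines, flags binaries that start from user-writable profile or temp directories, flags names with almost no vowels outside Program Files, and flags Winlogon Notify subkeys whose name is a hex blob. The sample log is a handful of lines copied from the report above plus two benign entries as controls; the vowel threshold, the directory list and the "Program Files is vendor territory" rule are assumptions of mine, and the Popsicle hit is purely location-based.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis report above, one per
# section type the checks below look at, plus benign entries as controls.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [qguqqqc] "c:\documents and settings\administrateur\local settings\application data\qguqqqc.exe" qguqqqc
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O20 - Winlogon Notify: 8437bb70509 - C:\WINDOWS\System32\ds32gt32.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

CHECKED = {"O2", "O4", "O20", "O23"}   # BHOs, autoruns, Winlogon Notify, services

# Directories any logged-on user can write to without elevation (assumed list):
# a classic drop location for droppers, a very unusual home for a legitimate autorun.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\documents and settings\\all users\\documents\\",
    "\\windows\\temp\\",
)
VENDOR_ROOT = "c:\\program files\\"

PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*?\.(?:exe|dll|cmd|bat|ocx|sys)\b', re.I)


def looks_random(stem):
    """Crude test for machine-generated names such as qguqqqc or ds32gt32:
    fewer than one vowel per five letters (digits ignored). Threshold is an assumption."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 4:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.2


def entry_name(section, rest):
    """O4 lines carry the value name in [brackets] or as 'X.lnk = path';
    the other sections use 'Label: Name - ...'."""
    if section == "O4":
        m = re.search(r"\[([^\]]+)\]", rest) or re.search(r": (.+?) = ", rest)
    else:
        m = re.search(r": (.+?) - ", rest)
    return m.group(1) if m else rest


def triage(log_text):
    """Return one finding per suspicious entry: {section, name, path, reasons}."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(O\d+) - (.*)", line.strip())
        if not m or m.group(1) not in CHECKED:
            continue
        section, rest = m.groups()
        name = entry_name(section, rest)
        pm = PATH_RE.search(rest)
        path = pm.group(0).lower() if pm else ""
        stem = PureWindowsPath(path).stem if path else ""
        reasons = []
        if any(d in path for d in USER_WRITABLE):
            reasons.append("binary starts from a user-writable profile or temp directory")
        # Random-looking names under Program Files are usually vendor quirks
        # (hpqtra08.exe above); the same pattern in system32 or a profile is not.
        if section in ("O4", "O20") and path and not path.startswith(VENDOR_ROOT) and looks_random(stem):
            reasons.append(f"file name '{stem}' looks machine-generated")
        if section == "O20" and re.fullmatch(r"[0-9a-f]{8,}", name):
            reasons.append("Winlogon Notify subkey is a hex blob, not a product name")
        if reasons:
            findings.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4} {f['name']}: {'; '.join(f['reasons'])}")
```

Run against the sample it reports qguqqqc (profile directory plus random name), the 8437bb70509 Winlogon Notify package (random DLL name plus hex subkey) and Popsicle (All Users\Documents), and stays silent on the Java, HP and Radio entries. Heuristics like these only shortlist; the VirusTotal step later in the thread is what confirms a hit.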
Re,
! Disable your resident protection (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe may not be visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Here is the report:
ComboFix 08-12-29.02 - Administrateur 2008-12-30 13:32:32.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.223.43 [GMT 1:00]
Run from: c:\documents and settings\Administrateur\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* A new restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Application Data\020000007f0256af509C.manifest
c:\documents and settings\Administrateur\Application Data\020000007f0256af509O.manifest
c:\documents and settings\Administrateur\Application Data\020000007f0256af509P.manifest
c:\documents and settings\Administrateur\Application Data\020000007f0256af509S.manifest
c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc.exe
c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc_nav.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc_navps.dat
c:\documents and settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
.
((((((((((((((((((((((((((((( Files created from 2008-11-28 to 2008-12-30 ))))))))))))))))))))))))))))))))))))
.
2008-12-30 13:38 . 2008-12-30 13:39 <REP> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-12-30 13:38 . 2008-12-30 13:38 373,760 --ahs---- c:\windows\system32\1.tmp
2008-12-25 21:29 . 2008-12-25 21:29 373,760 --ahs---- c:\windows\system32\374.tmp
2008-12-25 21:29 . 2008-12-25 21:29 135,168 --a------ c:\windows\system32\ds32gt32.dll
2008-12-25 18:41 . 2008-12-25 18:41 <REP> dr-h----- c:\documents and settings\Administrateur\Application Data\SecuROM
2008-12-25 18:41 . 2008-12-25 18:41 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-25 18:17 . 2008-12-25 18:17 <REP> d-------- c:\program files\Atari
2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Logitech
2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Fichiers communs\Logitech
2008-12-25 18:10 . 2004-05-13 23:40 167,936 --a------ c:\windows\system32\WmJoyFrc.dll
2008-12-25 18:10 . 2004-05-13 23:54 44,384 --a------ c:\windows\system32\drivers\WmXlCore.sys
2008-12-25 18:10 . 2004-05-13 23:54 21,440 --a------ c:\windows\system32\drivers\WmFilter.sys
2008-12-25 18:10 . 2004-05-13 23:54 14,720 --a------ c:\windows\system32\drivers\WmHidLo.sys
2008-12-25 18:10 . 2004-05-13 23:54 10,144 --a------ c:\windows\system32\drivers\WmBEnum.sys
2008-12-25 18:10 . 2004-05-13 23:54 5,600 --a------ c:\windows\system32\drivers\WmVirHid.sys
2008-12-10 13:22 . 2008-12-10 13:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-11 20:37 . 2008-11-11 20:37 0 --a------ c:\windows\graphedit.INI
2008-11-11 20:11 . 2008-11-11 20:11 <REP> d--h----- c:\windows\PIF
2008-11-11 19:32 . 2008-11-11 19:32 <REP> d-------- c:\program files\K-Lite Codec Pack
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 12:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-30 10:31 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-12-29 17:36 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
2008-12-29 13:42 --------- d-----w c:\program files\LimeWire
2008-12-29 13:42 --------- d-----w c:\program files\Incomplete
2008-12-29 12:56 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 17:07 --------- d-----w c:\program files\Google
2008-12-24 11:25 --------- d-----w c:\documents and settings\Administrateur\Application Data\HPAppData
2008-12-10 12:21 --------- d-----w c:\program files\Java
2008-10-30 16:55 --------- d-----w c:\program files\aideinfo
2008-02-02 18:47 126 ----a-w c:\documents and settings\Administrateur\patching.reg
2005-09-08 07:25 276 ----a-w c:\documents and settings\Administrateur\install.cmd
.
------- Sigcheck -------
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
2005-01-03 19:16 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"VTTimer"="VTTimer.exe" [2003-08-20 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8437bb70509]
2008-12-25 21:29 135168 c:\windows\system32\ds32gt32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\explorer.exe"=
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-02-03 178913]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - REMOVED ORPHANS - - - -
HKCU-Run-qguqqqc - c:\documents and settings\administrateur\local settings\application data\qguqqqc.exe
HKU-Default-RunOnce-LSD_II - c:\windows\LSD\lsd.cmd
.
------- Supplementary scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
.
------- File associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 13:38:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\GroupPolicy000.dat 0 bytes
c:\windows\system32\GroupPolicyManifest
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\ds32gt32.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Opera\opera.exe
.
**************************************************************************
.
Completion time: 2008-12-30 13:43:30 - The machine rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-12-30 12:43:27
Pre-Run: 21,616,742,400 bytes free
Post-Run: 21,684,953,088 bytes free
174 --- E O F --- 2008-09-10 17:04:11
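The "Reg loading points" block is a REGEDIT4-style dump, so the policy checks a reviewer makes on it can be scripted. The Python below is an added example, mine rather than ComboFix's or the helper's: it parses that layout (including ComboFix's "0 (0x0)" value rendering and the bare lines it prints under some keys) and reports Security Center overrides, a disabled firewall, a firewall exception for the shell, a hex-named Winlogon Notify package and extra LSA authentication packages. The sample is assembled from lines in the report above; the EnableFirewall line is copied from the second ComboFix run later in the thread. The rule names, the hex-name length and the "explorer.exe needs no exception" rule are my assumptions.

```python
import re

# Constructed sample: lines copied from the "Reg loading points" block above;
# the EnableFirewall line is copied from the second ComboFix run in this thread.
SAMPLE_REG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8437bb70509]
2008-12-25 21:29 135168 c:\windows\system32\ds32gt32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\explorer.exe"=
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Security Center values that silence its warnings when set to 1.
SC_FLAGS = ("AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
            "FirewallDisableNotify", "UpdatesDisableNotify")


def parse_reg_fragment(text):
    """Map lower-cased key path -> {"values": {name: raw}, "lines": [bare lines]}.
    ComboFix prints REGEDIT4-style "name"=value pairs but also bare lines
    (file timestamps, REG_MULTI_SZ contents) under some keys; keep both."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {"values": {}, "lines": []})
        elif current is not None:
            vm = VALUE_RE.match(line)
            if vm:
                keys[current]["values"][vm.group(1)] = vm.group(2).strip()
            else:
                keys[current]["lines"].append(line)
    return keys


def as_int(raw):
    """Accept both .reg syntax (dword:00000001) and ComboFix's '0 (0x0)' rendering."""
    m = re.match(r"dword:([0-9a-f]{8})$", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-f]+\)$", raw, re.I)
    return int(m.group(1)) if m else None


def assess(text):
    """Return (rule_id, detail) pairs for the tampering patterns a reviewer looks for."""
    findings = []
    for key, entry in parse_reg_fragment(text).items():
        vals = entry["values"]
        if key.endswith("\\security center"):
            for name in SC_FLAGS:
                if as_int(vals.get(name, "")) == 1:
                    findings.append(("sc-override", f"{name}=1: Security Center will stay silent about this component"))
        if key.endswith("\\firewallpolicy\\standardprofile") and as_int(vals.get("EnableFirewall", "")) == 0:
            findings.append(("firewall-off", "Windows Firewall is disabled for the standard profile"))
        if key.endswith("\\authorizedapplications\\list"):
            for app in vals:
                # .reg files double the backslashes; undo that before comparing.
                if app.lower().replace("\\\\", "\\").endswith("\\explorer.exe"):
                    findings.append(("fw-exception", f"{app}: the shell needs no inbound exception; a listener there usually means injected code"))
        m = re.search(r"\\winlogon\\notify\\([^\\]+)$", key)
        if m and re.fullmatch(r"[0-9a-f]{8,}", m.group(1)):
            findings.append(("winlogon-notify", f"package '{m.group(1)}' has a hex-blob name: {' | '.join(entry['lines'])}"))
        if key.endswith("\\control\\lsa"):
            for line in entry["lines"]:
                pkgs = line.split()
                if pkgs[:3] == ["Authentication", "Packages", "REG_MULTI_SZ"]:
                    extra = [p for p in pkgs[3:] if p.lower() != "msv1_0"]
                    if extra:
                        findings.append(("lsa-authpkg", f"extra LSA authentication package(s) {extra}: verify the owning product is really installed"))
    return findings


if __name__ == "__main__":
    for rule, detail in assess(SAMPLE_REG):
        print(f"[{rule}] {detail}")
```

On the sample this yields four Security Center overrides, the disabled firewall, the explorer.exe exception, the hex-named Notify package and nwprovau as an extra LSA package (nwprovau.dll is the NetWare client's package, so that last one is a "confirm the client is installed" item rather than a verdict).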
Analyze the following file on VirusTotal then post the report:
c:\windows\system32\ds32gt32.dll
Here is what I got from the file analysis on VirusTotal:
Antivirus Version Last update Result
a-squared 4.0.0.73 2008.12.27 Trojan-Downloader.Win32.Tracur!IK
AhnLab-V3 2008.12.25.0 2008.12.27 Win-Trojan/Agent.135168.DL
AntiVir 7.9.0.45 2008.12.27 TR/Spy.Gen
Authentium 5.1.0.4 2008.12.27 W32/Heuristic-KPP!Eldorado
Avast 4.8.1281.0 2008.12.27 Win32:Spyware-gen
AVG 8.0.0.199 2008.12.26 Agent.AMYP
BitDefender 7.2 2008.12.27 Trojan.Downloader.JLKD
CAT-QuickHeal 10.00 2008.12.27 TrojanDownloader.Agent.arsg
ClamAV 0.94.1 2008.12.27 Trojan.Downloader-62388
Comodo 826 2008.12.27 TrojWare.Win32.TrojanDownloader.Agent.arsg
DrWeb 4.44.0.09170 2008.12.27 Trojan.DownLoad.26530
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 Win32/SillyDl.GES
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.24 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14332.0 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
Fortinet 3.117.0.0 2008.12.27 PossibleThreat
GData 19 2008.12.27 Trojan.Downloader.JLKD
Ikarus T3.1.1.45.0 2008.12.27 Trojan-Downloader.Win32.Tracur
K7AntiVirus 7.10.568 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
Kaspersky 7.0.0.125 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
McAfee 5476 2008.12.27 Generic Downloader.x
McAfee+Artemis 5476 2008.12.27 Generic Downloader.x
Microsoft 1.4205 2008.12.27 TrojanDownloader:Win32/Tracur.A
NOD32 3719 2008.12.27 Win32/Agent.OAF
Norman 5.80.02 2008.12.26 W32/DLoader.LUXM
Panda 9.0.0.4 2008.12.27 Trj/Downloader.MDW
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.27 Cloaked Malware
Rising 21.09.52.00 2008.12.27 Trojan.DL.Win32.Mnless.buo
SecureWeb-Gateway 6.7.6 2008.12.27 Trojan.Spy.Gen
Sophos 4.37.0 2008.12.27 Troj/Agent-IKQ
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.27 Downloader.Trojan
TheHacker 6.3.1.4.200 2008.12.26 Trojan/Downloader.Agent.arsg
TrendMicro 8.700.0.1004 2008.12.26 TROJ_AGENT.AEMH
VBA32 3.12.8.10 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.27 -
Additional information
File size: 135168 bytes
MD5...: de7c6c753ba2b54c3080fa1d7189b294
SHA1..: c6afd88f5b68a9b1802af6bf5850387d5536cc77
SHA256: f1a49c8599149af15e1af728f048b2a55800b300f94e8b23a9dbfb1e2128fade
SHA512: 90100627d1131b6c5a9b8dd554fe3cf243f4a58c27b941f6970130a1f5c3af61
0c422e56b6428a97baeba25ae245867d6d1e8f4eaed396077083fbf84d74cbf8
ssdeep: 3072:ynHzaargsDli/VFyWMdKGIQ/VMnBGN0TBfCItnhZjQ:sHWWliNFyj+B00TB
qwnhBQ
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10001ff0
timedatestamp.....: 0x49283491 (Sat Nov 22 16:34:25 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15224 0x16000 6.46 b2a51b0d0f77443ff0ad537de55e0b38
.rdata 0x17000 0x6319 0x7000 6.29 66b304a3b9c2fb6934a1a268ea54cf9a
.data 0x1e000 0x1498 0x1000 2.08 e41c1d65c451f95e029882aeeb464886
.reloc 0x20000 0x1abc 0x2000 5.87 1b7f473a37a669a94a8b022bb0e83730
( 11 imports )
> ntdll.dll: _snprintf, _strnicmp, strlen, strstr, _stricmp, memcmp, atoi, _itoa, memcpy, _ultoa, tolower, memset, _chkstk, _allmul, _alldiv
> msvcrt.dll: strtok
> WS2_32.dll: WSASocketW, -, WSASend, -, WSAWaitForMultipleEvents, WSAIoctl, -, -, -, WSARecv, WSACreateEvent, WSAGetOverlappedResult, -, -, -, -, -, -
> WININET.dll: HttpOpenRequestA, HttpSendRequestA, InternetOpenA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetOpenUrlA, InternetSetOptionA, InternetConnectA, HttpAddRequestHeadersA
> OLEAUT32.dll: -, -
> SHLWAPI.dll: PathFileExistsA
> KERNEL32.dll: WaitForMultipleObjects, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, RemoveDirectoryA, TransactNamedPipe, HeapSetInformation, HeapCreate, FindFirstFileA, HeapDestroy, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, GetSystemDirectoryA, GetVersionExA, FindClose, FreeLibrary, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedExchange, CreateEventA, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, GetFileSize, lstrcpyA, ReadFile, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, InterlockedCompareExchange, lstrlenA, CreateMutexA, SetEvent, TerminateThread, Sleep, OutputDebugStringA, DuplicateHandle, GetExitCodeThread, FlushFileBuffers, ReleaseMutex, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetLastError, GetFileInformationByHandle, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, GetCurrentProcess, WriteFile, EnterCriticalSection, CreateFileA, CreateThread, VirtualFreeEx, DisconnectNamedPipe, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, lstrcmpA, SetFilePointer, SetEndOfFile, GetTempFileNameA, DeleteCriticalSection, GetTempPathA, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetTickCount, GetFileAttributesA, LoadLibraryA, CreateRemoteThread, OpenProcess
> USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA
> ADVAPI32.dll: RegCreateKeyExA, OpenServiceA, ControlService, ChangeServiceConfigA, RegDeleteKeyA, OpenSCManagerA, RegQueryValueExA, CloseServiceHandle, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
> SHELL32.dll: ShellExecuteA, SHGetFolderPathA
> ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance
( 2 exports )
DllGetClassObject, EventStartup
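Read as a whole, the PEInfo block above is already a capability summary. The Python below is an added example, not the poster's and not VirusTotal's code: it parses the section table, the import list and the export list in VirusTotal's text layout, maps combinations of imports to behaviour tags (a tag needs every function in its set, so a lone OpenProcess does not count as injection), and flags sections whose entropy suggests packing. The sample is an abridged copy of the block above (the KERNEL32 list is cut to the functions the rules need); the tag names, the required-function sets and the 7.0 entropy threshold are my assumptions.

```python
import re

# Abridged copy of the VirusTotal PEInfo block for ds32gt32.dll as posted above;
# the KERNEL32 list is shortened to the entries the rules below look for.
PEINFO = """\
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15224 0x16000 6.46 b2a51b0d0f77443ff0ad537de55e0b38
.rdata 0x17000 0x6319 0x7000 6.29 66b304a3b9c2fb6934a1a268ea54cf9a
.data 0x1e000 0x1498 0x1000 2.08 e41c1d65c451f95e029882aeeb464886
.reloc 0x20000 0x1abc 0x2000 5.87 1b7f473a37a669a94a8b022bb0e83730
( 11 imports )
> ntdll.dll: _snprintf, _strnicmp, strlen, strstr, memcpy, memset
> WS2_32.dll: WSASocketW, -, WSASend, -, WSARecv, WSACreateEvent
> WININET.dll: HttpOpenRequestA, HttpSendRequestA, InternetOpenA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetOpenUrlA
> KERNEL32.dll: GetTempPathA, GetTempFileNameA, WriteFile, CreateProcessA, CreateToolhelp32Snapshot, Process32First, Process32Next, OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, OpenThread, SuspendThread, GetThreadContext, SetThreadContext, ResumeThread, CreateNamedPipeA, ConnectNamedPipe, TransactNamedPipe, VirtualProtect, FlushInstructionCache
> ADVAPI32.dll: RegCreateKeyExA, OpenServiceA, ControlService, ChangeServiceConfigA, OpenSCManagerA, RegSetValueExA
> SHELL32.dll: ShellExecuteA, SHGetFolderPathA
( 2 exports )
DllGetClassObject, EventStartup
"""

# Import combinations that together imply a behaviour (assumed sets). A tag is
# reported only when every listed function is present.
CAPABILITIES = {
    "process injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "thread hijacking": {"OpenThread", "SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "in-process hooking": {"VirtualProtect", "FlushInstructionCache"},
    "HTTP download": {"InternetOpenA", "HttpOpenRequestA", "HttpSendRequestA", "InternetReadFile"},
    "raw socket I/O": {"WSASocketW", "WSASend", "WSARecv"},
    "drop and execute": {"GetTempPathA", "GetTempFileNameA", "WriteFile", "CreateProcessA"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "service tampering": {"OpenSCManagerA", "OpenServiceA", "ChangeServiceConfigA", "ControlService"},
    "registry persistence": {"RegCreateKeyExA", "RegSetValueExA"},
    "named-pipe IPC": {"CreateNamedPipeA", "ConnectNamedPipe", "TransactNamedPipe"},
}

SECTION_RE = re.compile(r"^(\S+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+([\d.]+)\s+[0-9a-f]{32}$", re.I)


def parse_peinfo(text):
    """Return (section entropies, {dll: set(imports)}, [exports]) from VirusTotal's PEInfo layout."""
    sections, imports, exports, mode = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        hdr = re.match(r"\(\s*\d+ (sections|imports|exports)\s*\)", line)
        if hdr:
            mode = hdr.group(1)
        elif mode == "sections" and SECTION_RE.match(line):
            m = SECTION_RE.match(line)
            sections[m.group(1)] = float(m.group(2))
        elif mode == "imports" and line.startswith(">"):
            dll, _, names = line[1:].partition(":")
            # "-" marks an import VirusTotal could not name (ordinal-only); drop it.
            imports[dll.strip().lower()] = {n.strip() for n in names.split(",") if n.strip() not in ("", "-")}
        elif mode == "exports" and line:
            exports.extend(n.strip() for n in line.split(",") if n.strip())
    return sections, imports, exports


def capabilities(imports):
    """Behaviour tags whose full function set is imported, whichever DLL supplies it."""
    present = set().union(*imports.values()) if imports else set()
    return {tag for tag, needed in CAPABILITIES.items() if needed <= present}


def packed_sections(sections, threshold=7.0):
    """Sections at or above the (assumed) entropy threshold usually hold packed or encrypted code."""
    return {name for name, h in sections.items() if h >= threshold}


def summarize(text):
    sections, imports, exports = parse_peinfo(text)
    return {
        "capabilities": sorted(capabilities(imports)),
        "packed": sorted(packed_sections(sections)),
        "com_server": "DllGetClassObject" in exports,   # loadable as a COM object / BHO
        "exports": exports,
    }


if __name__ == "__main__":
    for k, v in summarize(PEINFO).items():
        print(f"{k}: {v}")
```

For this file every tag fires and no section is packed, which matches the VirusTotal verdicts: a plain, unobfuscated downloader that can also inject into other processes, rewrite service configuration and persist through the registry. The two exports fit how it was found: DllGetClassObject makes the DLL loadable as a COM object, and an export named EventStartup is what a Winlogon Notify package would expose for the Startup event (that reading of the name is my inference, not something the VirusTotal output states).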
Re,
! Disable your resident protection (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad then paste (Ctrl+V) the text you just copied.
Save this file as "CFScript.txt" (the quotes matter).
Now drag the CFScript.txt file onto ComboFix.exe as in the picture below:
That will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
* the partition name may vary
Here is the ComboFix report:
ComboFix 08-12-30.02 - Administrateur 2008-12-31 16:58:14.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.223.31 [GMT 1:00]
Run from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
* A new restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
FILE ::
c:\windows\system32\1.tmp
c:\windows\system32\374.tmp
c:\windows\system32\ds32gt32.dll
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Application Data\020000007f0256af509C.manifest
c:\documents and settings\Administrateur\Application Data\020000007f0256af509O.manifest
c:\documents and settings\Administrateur\Application Data\020000007f0256af509P.manifest
c:\documents and settings\Administrateur\Application Data\020000007f0256af509S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\1.tmp
c:\windows\system32\374.tmp
c:\windows\system32\ds32gt32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
.
((((((((((((((((((((((((((((( Files created from 2008-11-28 to 2008-12-31 ))))))))))))))))))))))))))))))))))))
.
2008-12-25 18:41 . 2008-12-25 18:41 <REP> dr-h----- c:\documents and settings\Administrateur\Application Data\SecuROM
2008-12-25 18:41 . 2008-12-25 18:41 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-25 18:17 . 2008-12-25 18:17 <REP> d-------- c:\program files\Atari
2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Logitech
2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Fichiers communs\Logitech
2008-12-25 18:10 . 2004-05-13 23:40 167,936 --a------ c:\windows\system32\WmJoyFrc.dll
2008-12-25 18:10 . 2004-05-13 23:54 44,384 --a------ c:\windows\system32\drivers\WmXlCore.sys
2008-12-25 18:10 . 2004-05-13 23:54 21,440 --a------ c:\windows\system32\drivers\WmFilter.sys
2008-12-25 18:10 . 2004-05-13 23:54 14,720 --a------ c:\windows\system32\drivers\WmHidLo.sys
2008-12-25 18:10 . 2004-05-13 23:54 10,144 --a------ c:\windows\system32\drivers\WmBEnum.sys
2008-12-25 18:10 . 2004-05-13 23:54 5,600 --a------ c:\windows\system32\drivers\WmVirHid.sys
2008-12-10 13:22 . 2008-12-10 13:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-11 20:37 . 2008-11-11 20:37 0 --a------ c:\windows\graphedit.INI
2008-11-11 20:11 . 2008-11-11 20:11 <REP> d--h----- c:\windows\PIF
2008-11-11 19:32 . 2008-11-11 19:32 <REP> d-------- c:\program files\K-Lite Codec Pack
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 16:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-31 12:06 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-12-30 21:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\HPAppData
2008-12-29 17:36 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
2008-12-29 13:42 --------- d-----w c:\program files\LimeWire
2008-12-29 13:42 --------- d-----w c:\program files\Incomplete
2008-12-29 12:56 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 17:07 --------- d-----w c:\program files\Google
2008-12-10 12:21 --------- d-----w c:\program files\Java
2008-10-30 16:55 --------- d-----w c:\program files\aideinfo
2008-02-02 18:47 126 ----a-w c:\documents and settings\Administrateur\patching.reg
2005-09-08 07:25 276 ----a-w c:\documents and settings\Administrateur\install.cmd
.
------- Sigcheck -------
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
2005-01-03 19:16 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-30_13.42.47.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-31 16:03:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_270.dat
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"VTTimer"="VTTimer.exe" [2003-08-20 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-02-03 178913]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 17:05:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\Administrator\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
@Security="Inherited"
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
@Security="Inherited"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-12-31 17:09:50 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2008-12-31 16:09:46
ComboFix2.txt 2008-12-30 12:43:32
Avant-CF: 21 680 201 728 octets libres
Après-CF: 21,681,324,032 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
207 --- E O F --- 2008-09-10 17:04:11
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14, on 31/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/inst [...] -kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V0 [...] /CTPID.cab
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7506 bytes
Do you still have any problems?
No, there are no more problems, thank you very much!!!
Happy surfing.
Thanks
