After thinking it over I pressed Fix... and restarted the machine... and switched users several times... and I got no siren and it seems to be working fine!
Here is the ComboFix report:
ComboFix 08-02-25.3 - Pierre DISDET 2008-02-29 16:10:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1451 [GMT 1:00]
Location: C:\Documents and Settings\Pierre DISDET\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pierre DISDET\Bureau\CFScript.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
FILE ::
C:\WINDOWS\BM3712abaa.xml
C:\WINDOWS\pskt.ini
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM3712abaa.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mq9
C:\WINDOWS\system32\mq9\liopud89104.exe
C:\WINDOWS\system32\rp1
C:\WINDOWS\system32\yw3
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Pierre\Application Data\ShoppingReport
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Pierre\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\bakabmtx.ini
C:\WINDOWS\system32\bivjqbty.dll
C:\WINDOWS\system32\eajcsfdd.ini
C:\WINDOWS\system32\eepngunr.ini
C:\WINDOWS\system32\flfwobab.dll
C:\WINDOWS\system32\fouvciie.dll
C:\WINDOWS\system32\fqkdxhic.ini
C:\WINDOWS\system32\jxnmxnyl.dll
C:\WINDOWS\system32\mpatbxdm.ini
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ptahfugf.dll
C:\WINDOWS\system32\rnugnpee.dll
C:\WINDOWS\system32\rqroopn.dll
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\svrlbxjc.dll
C:\WINDOWS\system32\sydebaqp.ini
C:\WINDOWS\system32\tfcnqcuc.dll
C:\WINDOWS\system32\vmjviqmf.dll
C:\WINDOWS\system32\vrymkoxo.ini
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\wmxwrshe.ini
C:\WINDOWS\system32\wvuroml.dll
C:\WINDOWS\system32\xjliuxtv.ini
.
((((((((((((((((((((((((((((( Files created from 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.
2008-02-28 19:32 . 2008-02-28 19:50 <REP> d-------- C:\Documents and Settings\Pierre DISDET\Application Data\AdobeUM
2008-02-28 18:33 . 2008-02-28 18:33 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Grisoft
2008-02-27 19:05 . 2008-02-27 19:05 <REP> d-------- C:\Documents and Settings\Pierre DISDET\Application Data\Grisoft
2008-02-27 15:48 . 2008-02-27 15:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 15:48 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-27 13:14 . 2008-02-27 13:16 14,113,576 --a------ C:\Program Files\avgas-setup-7.5.1.43-3339.exe
2008-02-27 13:08 . 2008-02-27 13:07 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
2008-02-26 08:49 . 2008-02-26 08:49 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Talkback
2008-02-25 15:49 . 2008-02-25 15:51 6,105,952 --a------ C:\Program Files\Firefox Setup 2.0.0.12.exe
2008-02-25 15:32 . 2008-02-25 15:32 107,134 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-02-25 15:18 . 2008-02-25 15:18 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-25 15:17 . 2006-11-17 19:28 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-23 18:35 . 2008-02-23 18:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-23 18:35 . 2008-02-27 13:17 <REP> d-------- C:\Program Files\Free
2008-02-22 19:15 . 2008-02-22 19:15 <REP> d-------- C:\Program Files\eMule
2008-02-22 09:28 . 2008-02-22 09:28 <REP> d-------- C:\WINDOWS\report
2008-02-22 09:28 . 2008-02-22 19:16 <REP> d-------- C:\WINDOWS\AU_Temp(2)
2008-02-22 09:28 . 2008-02-22 08:55 36,469,841 --a------ C:\WINDOWS\LPT$VPN.119
2008-02-22 09:02 . 2008-02-22 09:17 <REP> d-------- C:\Documents and Settings\Pierre DISDET\Application Data\VirusEffaceur
2008-02-22 08:55 . 2008-02-22 19:16 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-22 08:55 . 2008-02-22 08:55 36,469,841 --a------ C:\WINDOWS\VPTNFILE.119
2008-02-22 08:55 . 2008-02-22 08:55 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-22 08:54 . 2008-02-22 08:54 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-21 14:03 . 2008-02-21 14:03 178,730 --a------ C:\CSmileysIM_log.39499,2879392708.err
2008-02-19 00:12 . 2008-02-19 00:13 178,730 --a------ C:\CSmileysIM_log.39496,6099245833.err
2008-02-15 13:33 . 2008-02-15 13:34 178,730 --a------ C:\CSmileysIM_log.39493,3050122917.err
2008-02-14 13:34 . 2008-02-14 13:34 178,730 --a------ C:\CSmileysIM_log.39492,3305904745.err
2008-02-13 13:34 . 2008-02-13 13:35 178,730 --a------ C:\CSmileysIM_log.39491,4474699769.err
2008-02-12 14:32 . 2008-02-12 14:32 178,730 --a------ C:\CSmileysIM_log.39490,3179345602.err
2008-02-11 13:34 . 2008-02-11 13:34 178,786 --a------ C:\CSmileysIM_log.39489,3390212616.err
2008-02-08 13:33 . 2008-02-08 13:34 178,786 --a------ C:\CSmileysIM_log.39486,3091742593.err
2008-02-07 15:46 . 2008-02-07 15:46 178,730 --a------ C:\CSmileysIM_log.39485,3347316667.err
2008-02-06 13:34 . 2008-02-06 13:35 178,730 --a------ C:\CSmileysIM_log.39484,3183854167.err
2008-02-05 10:24 . 2008-02-05 10:24 178,786 --a------ C:\CSmileysIM_log.39483,3667616088.err
2008-02-02 08:26 . 2008-02-02 08:27 178,730 --a------ C:\CSmileysIM_log.39480,3430229977.err
2008-02-01 13:33 . 2008-02-01 13:33 178,730 --a------ C:\CSmileysIM_log.39479,346698669.err
2008-01-31 13:34 . 2008-01-31 13:34 178,730 --a------ C:\CSmileysIM_log.39478,322200081.err
2008-01-30 13:34 . 2008-01-30 13:34 178,729 --a------ C:\CSmileysIM_log.39477,3259848727.err
2008-01-29 13:33 . 2008-01-29 13:34 178,729 --a------ C:\CSmileysIM_log.39476,3385421991.err
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 08:29 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-02-27 18:08 --------- d-----w C:\Program Files\Yahoo!
2008-02-27 09:18 5,834 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-26 18:13 --------- d-----w C:\Program Files\FpTest
2008-02-22 14:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 16:29 --------- d-----w C:\Program Files\Winamp
2008-01-29 14:37 3,012 ----a-w C:\drmHeader.bin
2008-01-28 18:41 --------- d-----w C:\Program Files\DivX
2008-01-26 16:20 --------- d-----w C:\Program Files\FileZilla
2008-01-26 10:58 --------- d-----w C:\Documents and Settings\Pierre DISDET\Application Data\FileZilla
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 18:21 11,811,416 ----a-w C:\Program Files\rp505fra.exe
2007-12-07 14:37 3,080,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 09:16 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-12-07 09:15 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-07 09:08 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-07 02:08 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-06 13:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 19:49 14 ----a-w C:\Documents and Settings\Pierre DISDET\getfile.dat
2007-01-11 16:36 8,105,308 ----a-w C:\Program Files\vfcjsetup.exe
2006-06-25 09:17 172,058 ----a-w C:\Program Files\couper-raccorder.zip
2006-05-29 15:46 6,057,472 ----a-w C:\Program Files\icq5_1_setup.exe
2006-03-15 17:41 4,677,596 ----a-w C:\Program Files\emule_emule_0.47a_francais_10876.exe
2006-03-04 12:22 4,277,840 ----a-w C:\Program Files\icq5_setup.exe
2006-02-08 10:48 5,163,124 ----a-w C:\Program Files\zg602std.exe
2006-02-08 10:08 4,545,563 ----a-w C:\Program Files\quickzip.exe
2006-01-18 10:10 905,216 ----a-w C:\Program Files\iview398.exe
2006-01-08 10:05 18,272,890 ----a-w C:\Program Files\FreePCvcR_v0.5.2.exe
2005-12-28 12:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-23 18:15 8 ----a-w C:\Documents and Settings\Pierre DISDET\Application Data\usb.dat.bin
2005-12-05 17:07 406,568 ----a-w C:\Program Files\msgr7fr.exe
2005-11-18 07:40 11,593,624 ----a-w C:\Program Files\DivXPlay.exe
2001-09-30 22:49 1,379,328 ----a-w C:\Program Files\DFileSplitter.exe
2007-07-20 19:21 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 00:57 7110656]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 16:58 425984]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 23:43 69632]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-16 16:47 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [2005-05-09 11:19 8192]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 12:14 1836544]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 17:59 106496]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BestCrypt Auto Open.lnk - C:\Program Files\Jetico\BestCrypt\BestCrypt.exe [2002-04-23 05:57:10 679936]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hplun.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashSimpl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fritivi\\fritivi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys [1998-11-27 10:42]
R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys [1998-09-20 08:14]
R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys [1998-09-20 08:14]
R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys [2001-02-17 10:56]
R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys [1998-11-16 11:25]
R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys [2002-05-07 10:02]
R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys [2001-12-17 06:41]
R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys [2001-12-07 07:41]
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys [2001-12-07 07:34]
R3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 08:11]
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [2001-10-29 10:45]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-02-29 15:00:00 C:\WINDOWS\Tasks\A3967A029185F54A.job"
- c:\docume~1\pierre~1\applic~1\bagstr~1\plannounerror.exe
"2008-01-21 06:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-11-17 17:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-29 16:14:24
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2008-02-29 16:15:25
ComboFix-quarantined-files.txt 2008-02-29 15:15:09
.
2008-02-26 17:11:17 --- E O F ---
and the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 16:47:05, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Jetico\BestCrypt\BCResident.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: &Yahoo!ツールバー - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0209849921
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargement ... sicDnl.CAB
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargement ... posant.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/v ... .2.2.1.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - AppInit_DLLs: hplun.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
I will keep testing a little longer and if there is a problem I will come back. I'll be back on this forum on Monday morning to see whether there are still any steps to carry out.
Thank you for the quality and every aspect of your work, truly perfect.
Best regards
Pierre
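To turn logs like the two above into a checklist, here is an added triage script (editor's example, not ComboFix's, HijackThis's or the poster's code) that runs five heuristics over constructed sample lines copied from the post: randomly named 8-letter DLL/INI files in system32, an .ini whose name is the reverse of a .dll in the same directory (rrutv.ini / vturr.dll above), AppInit_DLLs entries given without a path (such a DLL is loaded into every process that maps user32.dll, so it deserves a signer check), autorun entries that ComboFix prints with an empty `[ ]` (target not found on disk, as with wianmpa.exe above), and scheduled tasks whose target lives under a user profile. The rule thresholds and the severity labels are the editor's assumptions; a hit is a lead to verify with a hash and a signature check, not a verdict.

```python
"""Triage helper for ComboFix / HijackThis-style log lines.

Editor-added example for this thread; it is not part of ComboFix, HijackThis
or the original post. The rules are heuristics: each hit is a lead to verify
(hash the file, check its signer and the vendor it claims), not a verdict.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the logs in the post above, plus three
# benign lines (oleaut32.dll, setupapi.dll, NvCpl.dll) so the rules have negatives.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\bivjqbty.dll
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\setupapi.dll
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 00:57 7110656]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"AppInit_DLLs"=hplun.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"2008-02-29 15:00:00 C:\WINDOWS\Tasks\A3967A029185F54A.job"
- c:\docume~1\pierre~1\applic~1\bagstr~1\plannounerror.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# First Windows path on a line. Spaces are allowed (so "Program Files" survives);
# the match stops at quotes, brackets, '=' and end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]=\r\n]+')
VOWELS = set("aeiouy")


def random_looking(stem: str) -> bool:
    """Heuristic (editor's threshold): exactly 8 lowercase letters and either a
    run of 4+ consonants or a 'q' not followed by 'u'. Real names such as
    setupapi or browseui do not trigger; oleaut32 has digits and is skipped."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    run = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        if run >= 4:
            return True
    return re.search(r"q(?!u)", stem) is not None


def reversed_pairs(paths):
    """Return (ini, dll) pairs where the .ini stem is the .dll stem reversed,
    in the same directory. Comparison is case-insensitive."""
    by_dir = defaultdict(dict)
    for p in paths:
        d, _, name = p.lower().rpartition("\\")
        stem, _, ext = name.rpartition(".")
        by_dir[d][stem] = ext
    hits = []
    for d, names in by_dir.items():
        for stem, ext in names.items():
            if ext == "ini" and names.get(stem[::-1]) == "dll":
                hits.append((f"{d}\\{stem}.ini", f"{d}\\{stem[::-1]}.dll"))
    return hits


def triage(log_text: str):
    """Run the heuristics over every line; return (severity, reason, subject) tuples."""
    findings, paths = [], []
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        path = m.group(0).rstrip() if m else None
        if path:
            paths.append(path)
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if "\\system32\\" in path.lower() and random_looking(stem):
                findings.append(("suspect", "random-looking name in system32", path))
            # ComboFix prints "[ ]" instead of "[date size]" when the autorun
            # target does not exist on disk: a dangling load point.
            if line.rstrip().endswith("[ ]"):
                findings.append(("review", "autorun target not found on disk", path))
            # Scheduled-task target line ("- <path>") pointing into a user profile.
            if line.startswith("- ") and "\\docume~1\\" in path.lower():
                findings.append(("review", "scheduled task runs a binary from a user profile", path))
        if line.startswith('"AppInit_DLLs"='):
            for entry in line.split("=", 1)[1].split():
                if "\\" not in entry:  # bare name, resolved by the loader's search order
                    findings.append(("review", "AppInit_DLLs entry with no path", entry))
    for ini, dll in reversed_pairs(paths):
        findings.append(("suspect", "ini/dll reversed-name pair", f"{ini} <-> {dll}"))
    return findings


if __name__ == "__main__":
    for severity, reason, subject in triage(SAMPLE_LOG):
        print(f"{severity:7} {reason:45} {subject}")
```

Feed it a whole saved log (`triage(open("ComboFix.txt").read())`) rather than the sample; the reversed-pair rule only fires when both files appear in the same log, which ComboFix's deletion list satisfies.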