
Posted

Good evening,

 

Avast! detected an infection of my machine by Win32:TratBHO, which led me to delete a few .dll files.

Unfortunately, a second scan showed that the virus is still present!

 

Here are the HijackThis and ComboFix reports.

 

Thank you very much for your help in getting rid of the virus.

 

1/ ComboFix:

 

ComboFix 08-03-25.4 - HP_Propriétaire 2008-03-26 22:56:16.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.581 [GMT 1:00]

Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nnnnmkk.dll

C:\WINDOWS\system32\pmnlklk.dll

C:\WINDOWS\system32\pmnmnop.dll

C:\WINDOWS\system32\rqromkj.dll

C:\WINDOWS\system32\xbeeg.ini

C:\WINDOWS\system32\xbeeg.ini2

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-26 09:42 . 2008-03-26 12:46 1,580,198 ---hs---- C:\WINDOWS\system32\mbxmqlkl.ini

2008-03-25 09:39 . 2008-03-26 09:39 1,580,078 ---hs---- C:\WINDOWS\system32\enmjvcdx.ini

2008-03-24 03:19 . 2008-03-24 03:19 <REP> d-------- C:\temp

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-26 18:43 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-02-21 15:43 --------- d-----w C:\Program Files\POI Mixer

2008-02-21 15:36 --------- d-----w C:\Program Files\DivX

2008-02-17 13:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2008-02-02 17:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2005-09-25 19:05 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2007-04-18 13:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll

2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll

2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\system32\wininet.dll

2007-01-04 14:55 663040 25d38ffa2b441e326850ae4cb67d1a91 C:\WINDOWS\system32\dllcache\wininet.dll

 

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS

2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS

2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS

 

2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe

2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}]

C:\WINDOWS\system32\geebx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 13:08 219952]

"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05 4354048]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21 1204224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]

"mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22 389632]

"SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 15:09 138240]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoUserNameInStartMenu"= 01000000

"NoLogoff"= 0 (0x0)

"NoRecentDocsNetHood"= 01000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]

msldr32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj]

rqromkj.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk

backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

--a--c--- 2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

--a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-07-20 19:20 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]

--a------ 2001-09-19 23:29 720896 C:\Program Files\TweakDUN\tweakdun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"iPodService"=3 (0x3)

"Fax"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26569:TCP"= 26569:TCP:eMule : TCP entrant

"6224:UDP"= 6224:UDP:eMule : UDP entrant

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"6346:TCP"= 6346:TCP:Shareaza tcp

"6346:UDP"= 6346:UDP:Shareaza udp

"25566:TCP"= 25566:TCP:uTorrent TCP

"25566:UDP"= 25566:UDP:uTorrent udp

 

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-04-13 09:00]

R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}]

\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-26 22:59:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\Ati2evxx.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe

C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

 

2/ HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:05:03, on 26/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe

C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe

O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs

O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1

O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)

O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

 

--

Posted

• open Notepad [Run --> notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\mbxmqlkl.ini
C:\WINDOWS\system32\enmjvcdx.ini

Folder::
C:\temp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save as" and select "Desktop"

* In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

 

[Screenshot: CFScript.gif]

 

 

* follow the instructions

* Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

• download to your desktop:

 

- ATF Cleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait for the cleaning to finish, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit in the main menu to close the program.

 

• Download the ewido anti-spyware micro scanner to your desktop.

http://downloads.ewido.net/ewido_micro.exe

 

* Double-click the ewido_micro.exe file to run it.

* As soon as it starts, the program will ask for internet access to update itself; accept.

* Then a new screen appears; make sure all the boxes are checked.

* Click Start Scan and let the tool work.

* When the tool has finished, click Save report and save the report to your desktop.

* Post it in your next reply.

 

NB: click Remove infections

 

• drop Avast for Antivir, configure it, update it, scan your PC with it and post its report + a new HijackThis report

why!: http://forum.malekal.com/viewtopic.php?f=45&t=3528

 

tutorial: http://www.malekal.com/tutorial_antivir.php
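As an added illustration (not part of the original thread, nor code from ComboFix or HijackThis), the Python script below shows how the Registry:: lines of the CFScript above relate to the HijackThis entries marked "(file missing)": it parses constructed sample lines modelled on the log in the first post, keeps only the O2 (BHO) and O20 (Winlogon Notify) entries whose DLL no longer exists, and emits the matching delete keys. It writes the full registry paths (the ComboFix log abbreviates the BHO path with "~"); SAMPLE_LOG, orphaned_entries and build_cfscript are names chosen for this example.

```python
import re

# Constructed sample in the shape of the HijackThis log posted above
# (not a real capture): one orphaned BHO, two orphaned O20 entries, and
# two healthy entries that must be left alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing)
"""

# Full registry paths behind the two HijackThis line types handled here.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

MISSING = " (file missing)"

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<dll>.*)$")


def orphaned_entries(log_text):
    """Return the O2/O20 entries whose DLL HijackThis reports as missing.

    Each result carries the registry key that still points at the vanished
    DLL; that dangling key is what the CFScript removes.
    """
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m and m.group("path").endswith(MISSING):
            found.append({
                "kind": "BHO",
                "dll": m.group("path")[: -len(MISSING)],
                "key": BHO_KEY + "\\" + m.group("clsid"),
            })
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("dll").endswith(MISSING):
            found.append({
                "kind": "WinlogonNotify",
                "dll": m.group("dll")[: -len(MISSING)],
                "key": NOTIFY_KEY + "\\" + m.group("subkey"),
            })
    return found


def build_cfscript(entries):
    """Render a Registry:: section in the CFScript syntax used in the post
    above: a leading '-' inside the brackets marks the key for deletion."""
    lines = ["Registry::"]
    for e in entries:
        lines.append("[-" + e["key"] + "]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = orphaned_entries(SAMPLE_LOG)
    for h in hits:
        print(f"{h['kind']:15} {h['dll']:<35} -> {h['key']}")
    print()
    print(build_cfscript(hits))
```

Only entries whose file is already gone are selected; a BHO or Notify entry whose DLL still exists needs a manual look rather than an automatic delete line.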

Posted

Thanks for your help.

I followed the procedure completely and in order; "apparently" no more Win32/TratBHO, but TR/Trash.Gen and Takedawnload.a were found.

Here are the 4 requested reports:

 

1/ ComboFix:

ComboFix 08-03-25.4 - HP_Propriétaire 2008-03-27 10:03:14.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.591 [GMT 1:00]

Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-27 09:41 . 2008-03-27 09:41 <REP> d-------- C:\WINDOWS\LastGood

2008-03-27 00:11 . 2008-03-27 00:11 <REP> d-------- C:\Program Files\MSXML 4.0

2008-03-27 00:11 . 2008-03-27 00:11 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-03-26 23:58 . 2008-03-27 09:44 <REP> d--h----- C:\WINDOWS\$hf_mig$

2008-03-26 09:42 . 2008-03-26 12:46 1,580,198 ---hs---- C:\WINDOWS\system32\mbxmqlkl.ini

2008-03-25 09:39 . 2008-03-26 09:39 1,580,078 ---hs---- C:\WINDOWS\system32\enmjvcdx.ini

2008-03-24 03:19 . 2008-03-24 03:19 <REP> d-------- C:\temp

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-27 08:59 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\utorrent

2008-03-27 08:49 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-03-27 08:40 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\OpenOffice.org2

2008-03-26 22:19 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SolidDocuments

2008-02-21 15:43 --------- d-----w C:\Program Files\POI Mixer

2008-02-21 15:36 --------- d-----w C:\Program Files\DivX

2008-02-17 13:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2008-02-02 17:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-09 11:18 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-01-09 11:18 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-01-09 11:18 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-31 11:20 14 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat

2007-12-31 11:20 14 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat

2005-09-25 19:05 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2007-12-07 02:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll

2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll

2007-04-18 13:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll

2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll

2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\system32\wininet.dll

2007-01-04 14:55 663040 25d38ffa2b441e326850ae4cb67d1a91 C:\WINDOWS\system32\dllcache\wininet.dll

 

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys

2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS

2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS

 

2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe

2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe

2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-26_23.02.29.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-26 23:11:58 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe

- 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

- 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll

+ 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll

- 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

- 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

- 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

- 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

- 2006-11-04 13:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll

+ 2007-05-08 14:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll

- 2004-08-19 14:09:38 553,472 ------w C:\WINDOWS\system32\oleaut32.dll

+ 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\oleaut32.dll

+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll

+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll

- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll

+ 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll

- 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

- 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

- 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

- 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

- 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll

- 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

- 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-03-27 08:39:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_208.dat

+ 2007-05-08 14:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}]

C:\WINDOWS\system32\geebx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 13:08 219952]

"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05 4354048]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21 1204224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]

"mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22 389632]

"SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 15:09 138240]

 

C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

UberIcon.lnk - C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe [2005-08-12 20:52:34 180224]

Y'z Shadow.lnk - C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe [2002-09-30 21:09:06 151552]

Y'z ToolBar.lnk - C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoUserNameInStartMenu"= 01000000

"NoLogoff"= 0 (0x0)

"NoRecentDocsNetHood"= 01000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]

msldr32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj]

rqromkj.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk

backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

--a--c--- 2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

--a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-07-20 19:20 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]

--a------ 2001-09-19 23:29 720896 C:\Program Files\TweakDUN\tweakdun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"iPodService"=3 (0x3)

"Fax"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26569:TCP"= 26569:TCP:eMule : TCP entrant

"6224:UDP"= 6224:UDP:eMule : UDP entrant

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"6346:TCP"= 6346:TCP:Shareaza tcp

"6346:UDP"= 6346:UDP:Shareaza udp

"25566:TCP"= 25566:TCP:uTorrent TCP

"25566:UDP"= 25566:UDP:uTorrent udp

 

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-04-13 09:00]

R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}]

\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-27 10:04:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon.dll

.

Temps d'accomplissement: 2008-03-27 10:05:13

ComboFix-quarantined-files.txt 2008-03-27 09:05:11

.

2008-03-26 23:11:58 --- E O F ---

 

2/ Ewido:

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: Not-A-Virus.PUP.Takedawnload.a

Path: C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP501\A0137236.exe

Risk: Low

 

3/ Avira:

 

AntiVir PersonalEdition Classic

Report file date: jeudi 27 mars 2008 11:40

 

Scanning for 1168332 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: HP_Propriétaire

Computer name: PROGRÉCIF

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:36:45

ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 10:36:45

ANTIVIR3.VDF : 7.0.3.82 107520 Bytes 27/03/2008 10:36:45

AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 10:36:45

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 10:36:45

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: jeudi 27 mars 2008 11:40

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'YzToolBar.exe' - '1' Module(s) have been scanned

Scan process 'YzShadow.exe' - '1' Module(s) have been scanned

Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned

Scan process 'rapimgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'Shareaza.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'ps2.EXE' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'a2service.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned

Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

40 processes with 40 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '36' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Prog' Récif>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\QooBox\Quarantine\C\WINDOWS\system32\rqromkj.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[iNFO] The file was moved to '485d8388.qua'!

Begin scan in 'D:\' <HP_RECOVERY>

 

 

End of the scan: jeudi 27 mars 2008 12:35

Used time: 55:08 min

 

The scan has been done completely.

 

8761 Scanning directories

564188 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

564187 Files not concerned

28704 Archives were scanned

3 Warnings

0 Notes

 

4/ HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:40:30, on 27/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

c:\program files\a-squared free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe

C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe

O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs

O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1

O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)

O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

 

--

End of file - 8462 bytes

 

Posted

• nope!! you did not use the CFScript correctly!!!!

 

• empty your AntiVir quarantine, then disable it temporarily: right-click the umbrella in the systray and uncheck "AntiVir Guard enable"

 

**uninstall ComboFix by copying and pasting the line below into Run and confirming:

 

ComboFix /u

 

re-download ComboFix and redo the CFScript.txt procedure from my message #2:

http://forum.zebulon.fr/index.php?showtopi...t&p=1199705

 

it's CFScript.txt if your file extensions are shown, otherwise it's CFScript if your extensions are not shown!!!

if you name it CFScript.txt.txt it won't work!!

Posted

OK, here are the reports again:

1/ there are two ComboFix reports

2/ impossible to get a report from Ewido despite two attempts (the button was greyed out, inactive). Ewido detected nothing at all both times.

 

ComboFix (1/2):

ComboFix 07-08-09.3 - "HP_Propri‚taire" 2008-03-27 15:37:36.3 - NTFSx86

Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.497 [GMT 1:00]

Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt

* Created a new restore point

 

FILE::

C:\WINDOWS\system32\mbxmqlkl.ini

C:\WINDOWS\system32\enmjvcdx.ini

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\temp

C:\WINDOWS\system32\enmjvcdx.ini

C:\WINDOWS\system32\mbxmqlkl.ini

 

 

((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))

 

 

2008-03-27 15:37 51,200 --a------ C:\WINDOWS\nircmd.exe

2008-03-27 11:33 <REP> d-------- C:\Program Files\Avira

2008-03-27 11:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

2008-03-27 00:11 <REP> d-------- C:\Program Files\MSXML 4.0

2008-03-26 23:58 <REP> d--h----- C:\WINDOWS\$hf_mig$

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2008-03-27 12:58 --------- d-------- C:\Program Files\Mozilla Thunderbird

2008-03-27 12:18 --------- d-------- C:\Program Files\Paint Shop Pro 8

2008-03-27 11:23 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\OpenOffice.org2

2008-03-27 11:04 --------- d-------- C:\Program Files\Avast4

2008-03-27 10:27 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\SolidDocuments

2008-03-24 03:18 719480 --a------ C:\WINDOWS\system32\perfh00C.dat

2008-03-24 03:18 173964 --a------ C:\WINDOWS\system32\perfc00C.dat

2008-02-21 16:43 --------- d-------- C:\Program Files\POI Mixer

2008-02-21 16:36 --------- d-------- C:\Program Files\DivX

2008-02-17 14:02 --------- d-------- C:\Program Files\OpenOffice.org 2.3

2008-02-02 18:38 --------- d-------- C:\Program Files\Fichiers communs\Ahead

2008-01-09 12:18 524288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-01-09 12:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-01-09 12:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-01-09 12:18 129784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-09 12:18 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-01-09 12:18 118520 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-01-09 12:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-01-09 12:16 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-01-09 12:16 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-01-09 12:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-01-09 12:16 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-01-09 12:16 682496 --a------ C:\WINDOWS\system32\DivX.dll

2008-01-09 12:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll

2005-09-25 19:05:34 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17]

"mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22]

"SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 C:\WINDOWS\SOUNDMAN.EXE]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 11:36]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 19:20]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]

"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

 

C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

UberIcon.lnk - C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe [2005-08-12 20:52:34]

Y'z Shadow.lnk - C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe [2002-09-30 21:09:06]

Y'z ToolBar.lnk - C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoUserNameInStartMenu"=01000000

"ClearRecentDocsOnExit"=1 (0x1)

"NoLogoff"=0 (0x0)

"NoRecentDocsNetHood"=01000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk

backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

ALCWZRD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

C:\Program Files\CursorXP\CursorXP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]

IMOLApp.exe /c

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

C:\HP\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]

C:\Program Files\TweakDUN\tweakdun.exe splash

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"iPodService"=3 (0x3)

"Fax"=3 (0x3)

 

R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys

R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys

R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS

R3 USB_RNDIS;ADI Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys

S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys

S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE26bus.sys

S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys

S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE26mdm.sys

S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys

S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS);C:\WINDOWS\system32\DRIVERS\se26nd5.sys

S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE26obex.sys

S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM);C:\WINDOWS\system32\DRIVERS\se26unic.sys

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}]

AutoRun\command- G:\InstallTomTomHOME.exe

 

*Newly Created Service* - ANTIVIRSCHEDULER

*Newly Created Service* - ANTIVIRSERVICE

*Newly Created Service* - AVGIO

*Newly Created Service* - AVGNTFLT

*Newly Created Service* - AVIPBB

 

Contents of the 'Scheduled Tasks' folder

2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-27 15:38:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2008-03-27 15:39:31

C:\ComboFix-quarantined-files.txt ... 2008-03-27 15:39

 

--- E O F ---

 

Combofix (2/2) :

2008-03-26 09:39	  1580078	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\enmjvcdx.ini.vir
2008-03-26 12:46	  1580198	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\mbxmqlkl.ini.vir


Structure du dossier pour le volume Prog' R‚cif
Le num‚ro de s‚rie du volume est 94F9-F819
C:\QOOBOX
\---Quarantine
+---C
|   \---WINDOWS
|	   \---system32
|			   enmjvcdx.ini.vir
|			   mbxmqlkl.ini.vir
|			   
\---Registry_backups

 

 

Avira :

AntiVir PersonalEdition Classic

Report file date: jeudi 27 mars 2008 17:11

 

Scanning for 1168332 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: HP_Propriétaire

Computer name: PROGRÉCIF

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:36:45

ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 10:36:45

ANTIVIR3.VDF : 7.0.3.82 107520 Bytes 27/03/2008 10:36:45

AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 10:36:45

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 10:36:45

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: jeudi 27 mars 2008 17:11

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'YzShadow.exe' - '1' Module(s) have been scanned

Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned

Scan process 'rapimgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'Shareaza.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'ps2.EXE' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'a2service.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned

Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

40 processes with 40 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '36' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Prog' Récif>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <HP_RECOVERY>

 

 

End of the scan: jeudi 27 mars 2008 18:05

Used time: 53:25 min

 

The scan has been done completely.

 

8686 Scanning directories

563485 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

563485 Files not concerned

28697 Archives were scanned

3 Warnings

0 Notes

 

HijackThis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:06:48, on 27/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe

C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe

O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs

O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

 

--

End of file - 8059 bytes

Posted

• uninstall ComboFix as before

 

• relaunch HijackThis, "do a system scan only", tick the lines below and click the "fix checked" button:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

 

• delete the HijackThis backup, the folder in bold: C:\Program Files\HijackThis\backup

 

and that will be fine. Do you still have the same problem?
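As an added illustration (not part of this thread and not HijackThis's own code), a small Python triage of HijackThis log lines that flags the same kinds of entries the helper picked out above: hooks whose target file is missing, and a start page forced to about:blank. The sample lines are copied from the log posted above; the regex for the entry codes is an assumption about the log format.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread,
# plus the header line, so that non-entry lines are exercised too.
SAMPLE_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/",
    r"O2 - BHO: (no name) - AutorunsDisabled - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# Assumed shape of an entry line: a code such as R0, O2, O23, then " - ", then the body.
LINE_RE = re.compile(r"^(?P<code>[RFOT]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (code, body) tuples, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(text):
    """Return (code, body, reason) for the entries a helper would ask to fix."""
    flagged = []
    for code, body in parse_hjt(text):
        if "(no file)" in body:
            # Orphaned hook: the registry still points at a file that no longer exists.
            flagged.append((code, body, "orphan"))
        elif code == "R0" and body.rstrip().endswith("= about:blank"):
            # A blanked start page is a common leftover of a browser hijack.
            flagged.append((code, body, "blank-start-page"))
    return flagged


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {code} - {body}")
```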

Posted

I can't uninstall ComboFix: I get the message "Windows ne trouve pas ComboFix. Vérifiez que vous avez entré le nom correctement et essayez à nouveau."

Yet it is indeed on my desktop...

Can I delete it with a right-click and then do what you told me?
