Malicious program (solved)

Tags:
  • Program
  • Security
16 April 2008 03:12:26

Hello,

While visiting a site, a malicious program installed itself on my computer. Since I have WinPatrol installed, as an example I am being asked to authorise a new BHO named byXRLLIAq.dll, along with two others. Pages also keep opening constantly.
I am pasting my HijackThis report below. Please tell me what to remove.
Thank you in advance for your help.
Carole.

Logfile of HijackThis v1.99.1
Scan saved at 20:26:59, on 2008-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Jacques Derepentigny\Bureau\logiciels pour faire le ménage de l'ordinateur\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lemondedescroisieres.com/index.php?sid=e4f440762...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O16 - DPF: mapview - https://www.mobilus.ca/applet/mapview1028.cab
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamCont...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCA...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pmsoarbf - {E26884D9-73FD-4663-807E-6D0BAC770280} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {6D0DD7E0-F815-4071-BE5D-45D08FDC67A2} - C:\WINDOWS\omlbpkaw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
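
A first-pass scoring of the HijackThis entries above, as an added example in Python (written for this page; it is not HijackThis code and not part of Carole's post). It reads the O-lines that name a binary on disk and scores each on three things: the hook type (O2 BHO, O20 Winlogon Notify and O21 ShellServiceObjectDelayLoad are persistence points that very few benign programs use), the location (a loader placed directly in C:\WINDOWS rather than in a vendor folder), and the name shape (capitals wedged inside a word, as in byXRlIAq, or a long consonant run, as in lgmxvpatkmb). The sample input is a subset of the log plus one constructed O2 line standing in for the BHO that WinPatrol reported, with a placeholder CLSID; the function names (`score_entry`, `triage`, `name_signals`) and the point weights are choices made here.

```python
"""Score HijackThis entries by hook type, binary location and name shape.
Added example for this page; not HijackThis code."""
import re
from dataclasses import dataclass, field

PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe|sys|ocx)", re.IGNORECASE)
KIND_RE = re.compile(r"[ORFN]\d+")               # HijackThis section codes: O2, O21, R0 ...
HIGH_VALUE_HOOKS = {"O2", "O20", "O21"}          # BHO, Winlogon Notify, ShellServiceObjectDelayLoad
FLAG_THRESHOLD = 3

# Lines from the HijackThis log above, plus one constructed O2 line (the BHO that
# WinPatrol reported, written the way HijackThis lists a BHO; the CLSID is a placeholder).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\byXRlIAq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O21 - SSODL: pmsoarbf - {E26884D9-73FD-4663-807E-6D0BAC770280} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {6D0DD7E0-F815-4071-BE5D-45D08FDC67A2} - C:\WINDOWS\omlbpkaw.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass
class Finding:
    kind: str
    path: str
    score: int
    reasons: list = field(default_factory=list)


def name_signals(stem):
    """Signals from the file name alone. CamelCase vendor names (WinPatrol, RocketDock)
    pass; two or more capitals wedged between lower-case letters (byXRlIAq, ddcATlKA)
    and runs of five consonants (lgmxvpatkmb) do not."""
    reasons = []
    if re.search(r"[a-z][A-Z]{2,}[a-z]", stem):
        reasons.append("mixed case inside the name")
    if re.search(r"[b-df-hj-np-tv-xz]{5,}", stem, re.IGNORECASE):
        reasons.append("five or more consecutive consonants")
    return reasons


def score_entry(line):
    """Return a Finding for one HijackThis line, or None when it names no binary on disk."""
    m = PATH_RE.search(line)
    if not m:
        return None
    kind = line.split(" - ", 1)[0].strip()
    if not KIND_RE.fullmatch(kind):
        return None
    path = m.group(0)
    directory, _, filename = path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    score, reasons = 0, []
    if kind in HIGH_VALUE_HOOKS:
        score += 2
        reasons.append(f"{kind} is a persistence hook rarely used by legitimate software")
    if directory.lower() == "c:\\windows":
        score += 2
        reasons.append("binary sits directly in the Windows directory")
    signals = name_signals(stem)
    score += len(signals)
    reasons.extend(signals)
    return Finding(kind, path, score, reasons)


def triage(log, threshold=FLAG_THRESHOLD):
    """Entries at or above the threshold, highest score first."""
    findings = [f for f in map(score_entry, log.splitlines()) if f and f.score >= threshold]
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.score, f.kind, f.path, "; ".join(f.reasons))
```

The two SSODL loaders come out on top because of where they sit and what they hook, not because of their names; the name test only adds a point and will also trip on some legitimate files, so the output is an order of inspection, not a verdict. Confirm each hit (vendor, digital signature, hash) before anything is deleted.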

16 April 2008 13:38:02

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    16 April 2008 14:31:31

    Hello Angeldark, and thank you for your help!
    Here is the ComboFix report:

    ComboFix 08-04-15.4 - Jacques Derepentigny 2008-04-16 8:15:47.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.574 [GMT -4:00]
    Location: C:\Documents and Settings\Jacques Derepentigny\Bureau\ComboFix.exe
    * Creating a new restore point
    * Resident AV is active


    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jacques Derepentigny\Bureau\Error Cleaner.url
    C:\Documents and Settings\Jacques Derepentigny\Bureau\Privacy Protector.url
    C:\Documents and Settings\Jacques Derepentigny\Bureau\Spyware&Malware Protection.url
    C:\Documents and Settings\Jacques Derepentigny\Favoris\Error Cleaner.url
    C:\Documents and Settings\Jacques Derepentigny\Favoris\Privacy Protector.url
    C:\Documents and Settings\Jacques Derepentigny\Favoris\Spyware&Malware Protection.url
    C:\WINDOWS\rs.txt
    C:\WINDOWS\system32\byXRlIAq.dll
    C:\WINDOWS\system32\ddcATlKA.dll
    C:\WINDOWS\system32\qAIlRXyb.ini
    C:\WINDOWS\system32\qAIlRXyb.ini2

    .
    ((((((((((((((((((((((((((((( Files Created 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-15 20:03 . 2008-04-15 20:03 <REP> d-------- C:\Documents and Settings\Jacques Derepentigny\Application Data\TmpRecentIcons
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage réseau
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage d'impression
    2008-04-15 18:19 . 2006-09-28 09:31 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Modèles
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Mes documents
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> dr------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Menu Démarrer
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Favoris
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Bureau
    2008-04-15 18:19 . 2008-04-15 18:19 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A
    2008-04-15 18:07 . 2008-04-15 18:07 212,480 --a------ C:\WINDOWS\sysweb64a.dll
    2008-04-15 18:07 . 2008-04-15 18:07 52 --a------ C:\smp.bat
    2008-04-15 18:06 . 2008-04-15 14:07 258,048 --a------ C:\WINDOWS\lgmxvpatkmb.dll
    2008-04-15 18:06 . 2008-04-15 14:07 217,088 --a------ C:\WINDOWS\omlbpkaw.dll
    2008-04-15 18:06 . 2008-04-15 14:07 172,032 --a------ C:\WINDOWS\pmsoarbf.dll
    2008-04-15 18:06 . 2008-04-15 14:07 151,552 --a------ C:\WINDOWS\qtvglped.dll
    2008-04-15 18:06 . 2008-04-15 14:07 94,208 --a------ C:\WINDOWS\npqtsrak.exe
    2008-04-15 18:06 . 2008-04-15 14:07 81,920 --a------ C:\WINDOWS\rtqmekwg.exe

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 12:22 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\POP Peeper
    2008-04-16 12:07 --------- d-----w C:\Program Files\POP Peeper
    2008-03-28 11:14 13,001,325 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-03-05 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-27 15:48 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 15:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-27 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-20 16:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-02-20 16:24 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\SUPERAntiSpyware.com
    2008-02-20 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-02-20 16:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-11-25 20:23 23,073,081 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_13_44_33_full.dmp.zip
    2007-11-25 18:45 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2007-11-25 18:44 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
    2007-03-25 20:42 28,553,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_25_16_18_49_full.dmp.zip
    2006-05-23 22:05 0 ----a-w C:\Program Files\yttqj.exe
    2005-11-22 22:48 24,576 ----a-w C:\Documents and Settings\.viv\1132699728406playershim1161.dll
    2005-11-09 22:47 56 --sha-r C:\WINDOWS\system32\7D4F000E10.sys
    2005-11-09 22:47 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    2005-09-02 20:08 664576 031ca1310e4cb23e5a4f747d763d0b49 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
    2005-10-20 23:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2006-03-04 00:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
    2006-05-10 01:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
    2006-06-23 07:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
    2006-09-14 04:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
    2004-08-05 08:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
    2006-06-23 07:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
    2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\wininet.dll
    2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\dllcache\wininet.dll

    2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
    2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52676F4A-D830-4513-BE81-3A0C28B32C2F}]
    2008-04-15 14:07 258048 --a------ C:\WINDOWS\lgmxvpatkmb.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-11 19:09 1429504]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2006-08-15 14:01 230976]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 21:06 949376]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "pmsoarbf"= {E26884D9-73FD-4663-807E-6D0BAC770280} - C:\WINDOWS\pmsoarbf.dll [2008-04-15 14:07 172032]
    "omlbpkaw"= {6D0DD7E0-F815-4071-BE5D-45D08FDC67A2} - C:\WINDOWS\omlbpkaw.dll [2008-04-15 14:07 217088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcATlKA]
    ddcATlKA.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Akimania.com.lnk]
    backup=C:\WINDOWS\pss\Akimania.com.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant Internet.lnk]
    backup=C:\WINDOWS\pss\Assistant Internet.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Reality Fusion GameCam SE.lnk]
    backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SmartUI.lnk]
    backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jacques Derepentigny^Menu Démarrer^Programmes^Démarrage^SpamPal.lnk]
    backup=C:\WINDOWS\pss\SpamPal.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 21:43 69632 C:\WINDOWS\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2006-06-10 09:43 467968 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
    --a------ 2003-07-07 17:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-06-05 23:41 118784 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-06-05 23:45 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
    --a------ 2003-05-04 11:27 258116 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2006-01-17 14:12 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    --a------ 2004-05-19 10:24 385024 C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --a------ 2005-05-19 19:38 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2005-05-04 20:28 14396416 C:\WINDOWS\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-12-11 21:41 25343016 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    --a------ 2003-05-15 16:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
    --------- 2005-05-23 09:57 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
    S3 brparimg;Pilote d'image parallèle multifonction Brother;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
    S3 BrParWdm;Pilote parallèle WDM Brother;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-23 17:01]
    S3 BrSerWDM;Pilote série Brother;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 21:12]
    S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-08-26 13:37]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 08:23:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Documents and Settings\Jacques Derepentigny\Local Settings\Application Data\Microsoft\Messenger\carolec27@hotmail.com\SharingMetadata\Working\database_5AEC_5711_EC56_E6B3\$db_clean$ 0 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- DLLs loaded under running processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\nod32krn.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-16 8:26:04 - machine was rebooted [Jacques Derepentigny]
    ComboFix-quarantined-files.txt 2008-04-16 12:26:01
    ComboFix2.txt 2007-01-15 19:59:50

    Pre-Run: 76,317,356,032 bytes free
    Post-Run: 76,346,159,104 bytes free
    .
    2008-04-12 00:55:35 --- E O F ---
    16 April 2008 14:46:48

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\lgmxvpatkmb.dll
    C:\WINDOWS\omlbpkaw.dll
    C:\WINDOWS\pmsoarbf.dll
    C:\WINDOWS\qtvglped.dll
    C:\WINDOWS\npqtsrak.exe
    C:\WINDOWS\rtqmekwg.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52676F4A-D830-4513-BE81-3A0C28B32C2F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "pmsoarbf"=-
    "omlbpkaw"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcATlKA]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
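
The ComboFix report posted above and the CFScript just given are the material for this added example, in Python, written for this page (it is not ComboFix's own code and not part of the thread). It parses the report's "Other deletions", "Files created" and "Reg loading points" sections from lines copied out of the report, groups the newly created files by their shared modification timestamp (a dropper writes its payloads in one go, which is why six files in C:\WINDOWS all carry 2008-04-15 14:07), flags the Security Center and firewall-policy values the report shows, and drafts the File::/Registry:: stanzas in the form used in the script above. Section titles are matched in both their French and English spellings; the function names (`parse_report`, `dropper_batches`, `tamper_findings`, `cfscript`) are names chosen here.

```python
"""Triage of a ComboFix report: dropper batch, Security Center tampering and a
CFScript draft. Added example for this page; not ComboFix's own code."""
import re
from collections import defaultdict

# Lines copied from the report above (a subset that exercises each section).
SAMPLE_REPORT = r"""
((((((((((((( Other Deletions )))))))))))))
C:\WINDOWS\system32\byXRlIAq.dll
C:\WINDOWS\system32\ddcATlKA.dll
((((((((((((( Files Created 2008-03-16 to 2008-04-16 )))))))))))))
2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Bureau
2008-04-15 18:07 . 2008-04-15 18:07 212,480 --a------ C:\WINDOWS\sysweb64a.dll
2008-04-15 18:07 . 2008-04-15 18:07 52 --a------ C:\smp.bat
2008-04-15 18:06 . 2008-04-15 14:07 258,048 --a------ C:\WINDOWS\lgmxvpatkmb.dll
2008-04-15 18:06 . 2008-04-15 14:07 217,088 --a------ C:\WINDOWS\omlbpkaw.dll
2008-04-15 18:06 . 2008-04-15 14:07 172,032 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-15 18:06 . 2008-04-15 14:07 151,552 --a------ C:\WINDOWS\qtvglped.dll
2008-04-15 18:06 . 2008-04-15 14:07 94,208 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-15 18:06 . 2008-04-15 14:07 81,920 --a------ C:\WINDOWS\rtqmekwg.exe
((((((((((((( Reg Loading Points )))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52676F4A-D830-4513-BE81-3A0C28B32C2F}]
2008-04-15 14:07 258048 --a------ C:\WINDOWS\lgmxvpatkmb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2006-08-15 14:01 230976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmsoarbf"= {E26884D9-73FD-4663-807E-6D0BAC770280} - C:\WINDOWS\pmsoarbf.dll [2008-04-15 14:07 172032]
"omlbpkaw"= {6D0DD7E0-F815-4071-BE5D-45D08FDC67A2} - C:\WINDOWS\omlbpkaw.dll [2008-04-15 14:07 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcATlKA]
ddcATlKA.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

HEADER_RE = re.compile(r"^\(+\s*(?P<title>.*?)\s*\)+$")
FILE_RE = re.compile(r"^\S+ \S+ \. (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
                     r"(?P<size>[\d,]+|<[A-Z]+>)\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
# XP SP2 Security Center values that silence the shield icon when set to 1.
TAMPER_VALUES = {"disablemonitoring", "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def section_of(title):
    """Map a decorated section title (French or English) to a tag, or None."""
    t = title.lower()
    if "deletion" in t or "suppression" in t:
        return "deleted"
    if "file" in t or "fichier" in t:
        return "created"
    return "reg" if "reg" in t else None


def parse_report(text):
    """Split the report into deleted paths, (mtime, path) pairs and (key, line) registry rows."""
    deleted, created, reg = [], [], []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = HEADER_RE.match(line)
        if head:
            section, key = section_of(head.group("title")), None
            continue
        if section == "deleted" and re.match(r"[A-Za-z]:\\", line):
            deleted.append(line)
        elif section == "created":
            m = FILE_RE.match(line)
            if m and not m.group("size").startswith("<"):      # <REP>/<DIR> are directories
                created.append((m.group("mtime"), m.group("path")))
        elif section == "reg":
            k = KEY_RE.match(line)
            if k:
                key = k.group("key")
            elif key:
                reg.append((key, line))
    return deleted, created, reg


def dropper_batches(created, min_files=2):
    """Files sharing one modification timestamp, i.e. written by the same dropper."""
    by_mtime = defaultdict(list)
    for mtime, path in created:
        by_mtime[mtime].append(path)
    return {t: paths for t, paths in by_mtime.items() if len(paths) >= min_files}


def tamper_findings(reg):
    """Security Center notifications silenced, or the XP firewall policy switched off."""
    found = []
    for key, line in reg:
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value, k = m.group("name").lower(), m.group("value").strip(), key.lower()
        if "security center" in k and name in TAMPER_VALUES and value.endswith("1"):
            found.append(f"{key} -> {m.group('name')}=1")
        elif "firewallpolicy" in k and name == "enablefirewall" and value.startswith("0"):
            found.append(f"{key} -> EnableFirewall=0")
    return found


def cfscript(deleted, batches, reg):
    """Draft File::/Registry:: stanzas: the batch files, plus every load point that names a
    batch file or a file ComboFix already removed. SSODL values are deleted one by one so
    the key's built-in entries survive."""
    files = [p for paths in batches.values() for p in paths]
    bad = {p.rsplit("\\", 1)[-1].lower() for p in deleted + files}
    keys, ssodl = [], defaultdict(list)
    for key, line in reg:
        if not any(n in line.lower() for n in bad):
            continue
        m = VALUE_RE.match(line)
        if "shellserviceobjectdelayload" in key.lower() and m:
            ssodl[key].append(m.group("name"))
        elif f"[-{key}]" not in keys:
            keys.append(f"[-{key}]")
    for key, names in ssodl.items():
        keys.append(f"[{key}]")
        keys.extend(f'"{n}"=-' for n in names)
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    d, c, r = parse_report(SAMPLE_REPORT)
    print("\n".join(tamper_findings(r)))
    print(cfscript(d, dropper_batches(c), r))
```

Run on the full report, the same rule yields the six 14:07 payloads and also pairs C:\WINDOWS\sysweb64a.dll with C:\smp.bat (both 2008-04-15 18:07), which the script in the thread leaves alone and which are still listed in the second report below; they deserve a look before anything is deleted, and the draft is a starting point for review, not something to run unread. Two caveats: the draft removes SSODL values individually rather than the whole ShellServiceObjectDelayLoad key, so the entries Windows itself keeps there are untouched; and the Security Center and EnableFirewall values are also written legitimately by third-party suites such as the ZoneAlarm on this machine, so they are prompts to verify, not findings on their own.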
    16 April 2008 15:10:24

    Small problem! I copy the inside of the box; after saving it and pasting it into Notepad as CFScript.txt, ComboFix loads but does not execute. Nothing happens.
    16 April 2008 17:13:13

    Can you be a bit clearer? :D
    16 April 2008 17:39:22

    I do exactly what you told me above, but when I drag the CFScript.txt file onto Combofix.exe it does not relaunch, so I cannot post the reports you asked for.
    16 April 2008 20:07:31

    Can you delete your copy of ComboFix and start over?
    16 April 2008 21:12:15

    I did as asked and it worked; here are the two reports:

    ComboFix 08-04-15.8 - Jacques Derepentigny 2008-04-16 15:04:56.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.580 [GMT -4:00]
    Location: C:\Documents and Settings\Jacques Derepentigny\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jacques Derepentigny\Bureau\CFScript.txt.txt
    * Creating a new restore point
    * Resident AV is active


    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

    FILE ::
    C:\WINDOWS\lgmxvpatkmb.dll
    C:\WINDOWS\npqtsrak.exe
    C:\WINDOWS\omlbpkaw.dll
    C:\WINDOWS\pmsoarbf.dll
    C:\WINDOWS\qtvglped.dll
    C:\WINDOWS\rtqmekwg.exe
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jacques Derepentigny\Bureau\Error Cleaner.url
    C:\Documents and Settings\Jacques Derepentigny\Bureau\Privacy Protector.url
    C:\Documents and Settings\Jacques Derepentigny\Bureau\Spyware&Malware Protection.url
    C:\Documents and Settings\Jacques Derepentigny\Favoris\Error Cleaner.url
    C:\Documents and Settings\Jacques Derepentigny\Favoris\Privacy Protector.url
    C:\Documents and Settings\Jacques Derepentigny\Favoris\Spyware&Malware Protection.url
    C:\WINDOWS\lgmxvpatkmb.dll
    C:\WINDOWS\npqtsrak.exe
    C:\WINDOWS\omlbpkaw.dll
    C:\WINDOWS\pmsoarbf.dll
    C:\WINDOWS\qtvglped.dll
    C:\WINDOWS\rs.txt
    C:\WINDOWS\rtqmekwg.exe

    .
    ((((((((((((((((((((((((((((( Files Created 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-16 12:29 . 2008-04-16 12:50 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-04-15 20:03 . 2008-04-16 10:36 <REP> d-------- C:\Documents and Settings\Jacques Derepentigny\Application Data\TmpRecentIcons
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage réseau
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Voisinage d'impression
    2008-04-15 18:19 . 2006-09-28 09:31 <REP> d--h----- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Modèles
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Mes documents
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> dr------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Menu Démarrer
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Favoris
    2008-04-15 18:19 . 2005-10-21 22:00 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A\Bureau
    2008-04-15 18:19 . 2008-04-15 18:19 <REP> d-------- C:\Documents and Settings\Administrateur.ETUDE-33C72795A
    2008-04-15 18:07 . 2008-04-15 18:07 212,480 --a------ C:\WINDOWS\sysweb64a.dll
    2008-04-15 18:07 . 2008-04-15 18:07 52 --a------ C:\smp.bat

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 13:12 --------- d-----w C:\Program Files\Trend Micro
    2008-04-16 12:22 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\POP Peeper
    2008-04-16 12:07 --------- d-----w C:\Program Files\POP Peeper
    2008-03-28 11:14 13,001,325 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-03-05 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-27 15:48 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 15:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-27 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-20 16:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-02-20 16:24 --------- d-----w C:\Documents and Settings\Jacques Derepentigny\Application Data\SUPERAntiSpyware.com
    2008-02-20 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-02-20 16:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-11-25 20:23 23,073,081 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_13_44_33_full.dmp.zip
    2007-11-25 18:45 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2007-11-25 18:44 1,617,920 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
    2007-03-25 20:42 28,553,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_25_16_18_49_full.dmp.zip
    2006-05-23 22:05 0 ----a-w C:\Program Files\yttqj.exe
    2005-11-22 22:48 24,576 ----a-w C:\Documents and Settings\.viv\1132699728406playershim1161.dll
    2005-11-09 22:47 56 --sha-r C:\WINDOWS\system32\7D4F000E10.sys
    2005-11-09 22:47 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    2005-09-02 20:08 664576 031ca1310e4cb23e5a4f747d763d0b49 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
    2005-10-20 23:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2006-03-04 00:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
    2006-05-10 01:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
    2006-06-23 07:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
    2006-09-14 04:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
    2004-08-05 08:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
    2006-06-23 07:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
    2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\wininet.dll
    2006-09-14 04:40 697344 2aac838f60d5e6b8d18a56ce829ad9dc C:\WINDOWS\system32\dllcache\wininet.dll

    2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
    2004-08-05 08:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-04-16_ 8.25.47.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-16 12:23:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 18:59:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-11 19:09 1429504]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2006-08-15 14:01 230976]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 21:06 949376]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]

    C:\Documents and Settings\Jacques Derepentigny\Menu Démarrer\Programmes\Démarrage\
    Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-25 09:13:04 118784]
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Akimania.com.lnk]
    backup=C:\WINDOWS\pss\Akimania.com.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant Internet.lnk]
    backup=C:\WINDOWS\pss\Assistant Internet.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Reality Fusion GameCam SE.lnk]
    backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SmartUI.lnk]
    backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jacques Derepentigny^Menu Démarrer^Programmes^Démarrage^SpamPal.lnk]
    backup=C:\WINDOWS\pss\SpamPal.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 21:43 69632 C:\WINDOWS\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2006-06-10 09:43 467968 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
    --a------ 2003-07-07 17:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-06-05 23:41 118784 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-06-05 23:45 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
    --a------ 2003-05-04 11:27 258116 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2006-01-17 14:12 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    --a------ 2004-05-19 10:24 385024 C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --a------ 2005-05-19 19:38 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2005-05-04 20:28 14396416 C:\WINDOWS\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-12-11 21:41 25343016 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    --a------ 2003-05-15 16:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
    --------- 2005-05-23 09:57 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
    S3 brparimg;Brother Multifunction Parallel Image Driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 21:12]
    S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-23 17:01]
    S3 BrSerWDM;Brother Serial Driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 21:12]
    S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-08-26 13:37]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 15:06:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Completion time: 2008-04-16 15:07:53
    ComboFix-quarantined-files.txt 2008-04-16 19:07:50
    ComboFix2.txt 2008-04-16 12:26:06
    ComboFix3.txt 2007-01-15 19:59:50

    Pre-Run: 76,331,679,744 bytes free
    Post-Run: 76,320,022,528 bytes free
    .
    2008-04-12 00:55:35 --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:10:57, on 2008-04-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\POP Peeper\POPPeeper.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lemondedescroisieres.com/index.php?sid=e4f440762...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: Easy-WebPrint Add to Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O16 - DPF: mapview - https://www.mobilus.ca/applet/mapview1028.cab
    O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamCont...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCA...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7022 bytes
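As an added example for readers of this thread (it is not HijackThis code and was not posted by anyone here), the script below does the first-pass triage a helper does by eye on the O2, O4, O16 and O20 lines of a HijackThis 2.0.x log: it parses each entry into its fields and flags the ones worth checking. The trusted-host list, the generated-name heuristic and the sample lines are assumptions constructed for the example; the two entries with random-looking names under system32 are placeholders and do not appear in this thread.

```python
"""Triage of HijackThis 2.0.x log entries.

Added example for this thread: neither HijackThis code nor part of the
original post. Parses the O2 (BHO), O4 (autostart), O16 (DPF ActiveX) and
O20 (Winlogon Notify) formats and returns the entries worth a second look.
DPF_TRUSTED_HOSTS, GENERATED_NAME and SAMPLE_LOG are assumptions made here.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Assumed allowlist: hosts from which a downloaded ActiveX control (O16) is expected.
DPF_TRUSTED_HOSTS = ("microsoft.com", "windowsupdate.com")
# Assumed heuristic: a letters-only base name with a run of three or more capitals
# between lower-case letters ("abXYZWq") looks generated rather than chosen.
GENERATED_NAME = re.compile(r"^[a-z]+[A-Z]{3,}[A-Za-z]*[a-z]+$")
WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RE_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\S+) (?:\((?P<name>[^)]*)\) )?- (?P<url>\S+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<where>[^:]+): (?P<tail>.+)$")


def _o4_path(tail: str) -> str:
    """Executable path from an O4 tail: quoted, `name.lnk = path`, or bare path plus args."""
    quoted = re.search(r'"([^"]+)"', tail)
    if quoted:
        return quoted.group(1)
    if " = " in tail:
        return tail.split(" = ", 1)[1].strip()
    body = tail.split("] ", 1)[-1]                     # drop the "[ValueName] " prefix
    return re.split(r"\s+[-/]", body, maxsplit=1)[0]   # drop " /background", " -min"


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one supported O-line, or None for any other line."""
    line = line.strip()
    for kind, rx in (("O2", RE_O2), ("O16", RE_O16), ("O20", RE_O20), ("O4", RE_O4)):
        m = rx.match(line)
        if m:
            entry = {"kind": kind, "raw": line}
            entry.update({k: v or "" for k, v in m.groupdict().items()})
            if kind == "O4":
                entry["path"] = _o4_path(entry["tail"])
            return entry
    return None


def _trusted_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in DPF_TRUSTED_HOSTS)


def _base_name(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(lines) -> List[Dict[str, str]]:
    """Flag entries worth review; every flag is a hint for a human, not a verdict."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        path = e.get("path", "")
        if e["kind"] == "O2" and e["name"] == "(no name)":
            reasons.append("BHO registered without a display name")
        if (e["kind"] in ("O2", "O4", "O20") and path.lower().startswith(WINDOWS_DIRS)
                and GENERATED_NAME.match(_base_name(path))):
            reasons.append("generated-looking file name under the Windows directory")
        if e["kind"] == "O16":
            host = urlparse(e["url"]).hostname or ""
            if not _trusted_host(host):
                reasons.append(f"ActiveX control downloaded from {host or 'unknown host'}")
        findings.extend({"kind": e["kind"], "reason": r, "raw": e["raw"]} for r in reasons)
    return findings


# Constructed sample modelled on the log above; the third O2 line and the third O4
# line are placeholders invented for this example, not entries from the thread.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\\WINDOWS\\system32\\qwKLMNpx.dll
O4 - HKLM\\..\\Run: [WinPatrol] "C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe" /background
O4 - HKLM\\..\\Run: [rsVGHJkt] C:\\WINDOWS\\system32\\rsVGHJkt.exe /s
O4 - Startup: Rainlendar.lnk = C:\\Program Files\\Rainlendar\\Rainlendar.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['kind']:<4} {f['reason']}\n     {f['raw']}")
```

Every flag is a review hint, not a verdict: the "(no name)" check fires on Spybot's SDHelper.dll exactly as it does on an unknown DLL, and the O16 check fires on legitimate online scanners such as the HouseCall and ewido controls listed above. What a log line cannot tell you is whether the file is signed or known; the Sigcheck section of the ComboFix report answers that for system files, and quarantining rather than deleting keeps a false positive recoverable.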
    16 April 2008 22:05:00

    Still having problems?
    16 April 2008 22:11:31

    Everything seems to be working fine, thank you Angeldark, it's really a professional service.
    16 April 2008 22:23:54

    Happy surfing :)

  • Download ToolsCleaner to your Desktop.
  • Click "Recherche" (Search) and let the scan finish.
  • Click "Suppression" (Delete) to finalize.
  • Click "Quitter" (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so you no longer run into this kind of problem, by clicking the image below:

