Spyware.gen / tratHBO / Virtumonde infection... Heeelp!!

Tags:
  • Windows
  • Security
28 March 2008 23:32:49

Hi night owls!
Browsing the forums, I'm noticing that Avast isn't so popular any more...
I think I've been infected by several trojans, according to A-squared and Spybot...
Since the disinfection procedure is specific to each "infected" machine, would anyone have the courage to guide me through the process?
Thanks in advance...


28 March 2008 23:54:13

Hi,

Download HijackThis (from Trend Micro).
Post a report following this tutorial.
29 March 2008 00:06:46

Thanks! Such courage...
Here's some reading for you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:46, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\fm610fr\Foxmail.exe
C:\Documents and Settings\Rasta\Bureau\HJThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: (no name) - {56218985-63A6-456F-A982-BE1316386CB7} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\System32\Starter.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a4288955] rundll32.exe "C:\WINDOWS\system32\qalxwoag.dll",b
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BMa71bbac9] Rundll32.exe "C:\WINDOWS\system32\qfutvkec.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Foxmail] "C:\Program Files\fm610fr\Foxmail.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E6FEEC-4631-43C7-8144-1856FC64C151}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://visuels.pressimmo-online.com/2d/f/f/c/ffcbb037-5...

--
End of file - 10718 bytes
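As an added example (not from the thread and not HijackThis's own code), a small Python triage pass over O2/O4 lines in the report format above. It flags the two Vundo tell-tales visible in this log: a Run value that uses rundll32 to load a randomly named DLL from system32, and a BHO with no display name whose DLL is missing. The sample lines are constructed from the report; the "random-looking" regexes are assumptions tuned to this log and will produce false positives on other machines.

```python
import ntpath
import re

# Constructed sample in HijackThis format, modelled on the report above (not the full log).
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {56218985-63A6-456F-A982-BE1316386CB7} - C:\WINDOWS\system32\gebcc.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a4288955] rundll32.exe "C:\WINDOWS\system32\qalxwoag.dll",b
O4 - HKLM\..\Run: [BMa71bbac9] Rundll32.exe "C:\WINDOWS\system32\qfutvkec.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
""".strip()

# O4 autostart line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O2 browser helper object: "O2 - BHO: <name> - {<CLSID>} - <dll> [(file missing)]"
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - '
                   r'(?P<path>.*?)(?P<missing> \(file missing\))?$')
# 'rundll32.exe "<dll>",<export>' as used by the two suspect Run values in the log
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)

# Heuristics (assumptions tuned to the Vundo pattern in this log, not a general rule):
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')               # eight random lowercase letters
RANDOM_VALUE_RE = re.compile(r'^[A-Za-z]{0,2}[0-9a-f]{8}$')  # e.g. a4288955, BMa71bbac9
SYSTEM32_RE = re.compile(r'\\system32\\', re.IGNORECASE)


def triage(report):
    """Return one finding per suspicious O2/O4 line: {'line', 'entry', 'name', 'path', 'reasons'}."""
    findings = []
    for lineno, raw in enumerate(report.splitlines(), 1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m['name'], m['cmd']
            reasons = []
            r = RUNDLL_RE.match(cmd)
            dll = r['dll'] if r else None
            # Legit rundll32 Run entries exist, so require all three signals together:
            # rundll32 + system32 location + random eight-letter DLL name.
            if dll and SYSTEM32_RE.search(dll) and RANDOM_DLL_RE.match(ntpath.basename(dll)):
                reasons.append('rundll32 loads a random-named DLL from system32')
            if RANDOM_VALUE_RE.match(name):
                reasons.append('random-looking Run value name')
            if reasons:
                findings.append({'line': lineno, 'entry': 'O4', 'name': name,
                                 'path': dll or cmd, 'reasons': reasons})
            continue
        m = O2_RE.match(line)
        if m:
            reasons = []
            if m['name'] == '(no name)':
                reasons.append('BHO registered without a display name')
            if m['missing']:
                reasons.append('BHO DLL is missing on disk (stale or partially removed)')
            if reasons:
                findings.append({'line': lineno, 'entry': 'O2', 'name': m['name'],
                                 'path': m['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_HJT):
        print(f"line {f['line']} {f['entry']} [{f['name']}] {f['path']}: {'; '.join(f['reasons'])}")
```

The three findings it produces on the sample are exactly the three entries the helper's later CFScript targets (the two rundll32 DLLs, removed by ComboFix's first run, and the gebcc.dll BHO).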
29 March 2008 11:21:12

Re ;)

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if you are on Vista.)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
29 March 2008 19:55:57

Sorry for my lack of diligence... But the problem is still there; I'll find the time to follow your wise advice!!

Combofix report:

ComboFix 08-03-26.3 - Rasta 2008-03-29 19:44:18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.432 [GMT 1:00]
Endroit: C:\Documents and Settings\Rasta\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gaowxlaq.ini
C:\WINDOWS\system32\qalxwoag.dll
C:\WINDOWS\system32\qfutvkec.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))))))
.

2008-03-29 08:51 . 2008-03-29 08:51 <REP> d-------- C:\Program Files\Avira
2008-03-29 08:51 . 2008-03-29 08:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 20:34 . 2008-03-25 20:34 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-25 13:34 . 2008-03-25 13:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-03-25 13:34 . 2008-03-25 13:34 <REP> d-------- C:\Documents and Settings\Rasta\Application Data\Intel
2008-03-25 13:34 . 2008-03-25 13:34 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-25 13:34 . 2008-03-25 13:34 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-25 13:34 . 2008-03-25 13:34 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Intel
2008-03-25 13:34 . 2008-03-25 13:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-25 13:34 . 2008-03-25 13:34 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-25 13:34 . 2008-03-25 13:34 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-03-25 13:34 . 2008-03-25 13:34 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-03-25 13:34 . 2008-03-25 13:34 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-03-25 13:33 . 2008-03-25 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-03-25 13:33 . 2007-08-27 10:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-03-25 13:33 . 2007-10-31 10:23 2,236,544 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-03-25 13:33 . 2007-08-27 10:12 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-03-25 13:31 . 2008-03-25 13:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-25 13:29 . 2008-03-25 13:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-25 13:29 . 2008-03-25 13:30 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-23 03:39 . 2008-03-27 20:56 <REP> d-------- C:\VundoFix Backups
2008-03-13 18:37 . 2008-03-13 18:37 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-11 21:53 . 2008-03-13 18:18 4,306 ---hs---- C:\WINDOWS\system32\mclvgetv.ini
2008-03-10 21:55 . 2008-03-11 20:39 4,126 ---hs---- C:\WINDOWS\system32\psltefkc.ini
2008-03-09 21:52 . 2008-03-10 21:52 3,886 ---hs---- C:\WINDOWS\system32\fyvouirk.ini
2008-03-07 14:15 . 2008-03-09 21:31 3,594 ---hs---- C:\WINDOWS\system32\lmfmasud.ini
2008-03-06 14:16 . 2008-03-06 21:18 3,234 ---hs---- C:\WINDOWS\system32\nrvcqhgt.ini
2008-03-06 00:58 . 2008-03-06 13:08 3,114 ---hs---- C:\WINDOWS\system32\unclfuhs.ini
2008-03-04 22:26 . 2008-03-06 00:55 2,934 ---hs---- C:\WINDOWS\system32\jyoxfpbo.ini
2008-03-04 21:26 . 2008-03-04 21:26 2,754 ---hs---- C:\WINDOWS\system32\twlnqewa.ini
2008-03-03 21:19 . 2008-03-04 21:19 2,694 ---hs---- C:\WINDOWS\system32\mmfvliic.ini
2008-03-02 21:23 . 2008-03-03 14:02 2,514 ---hs---- C:\WINDOWS\system32\qxckibsb.ini
2008-03-02 20:24 . 2008-03-02 20:24 2,274 ---hs---- C:\WINDOWS\system32\tiuaykja.ini
2008-03-01 20:22 . 2008-03-02 20:22 2,214 ---hs---- C:\WINDOWS\system32\ufavoscw.ini
2008-02-29 20:22 . 2008-03-01 13:00 2,154 ---hs---- C:\WINDOWS\system32\eypxmolb.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 18:46 19,488,800 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-29 18:43 --------- d-----w C:\Documents and Settings\Rasta\Application Data\uTorrent
2008-03-29 07:19 --------- d-----w C:\Documents and Settings\Rasta\Application Data\XnView
2008-03-28 12:24 --------- d-----w C:\Program Files\uTorrent
2008-03-27 20:48 --------- d-----w C:\Documents and Settings\Rasta\Application Data\OpenOffice.org2
2008-03-27 20:46 227,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-27 20:46 2,270,566 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-27 20:06 121,298 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_27_13_51_32_small.dmp.zip
2008-03-27 11:52 --------- d-----w C:\Program Files\a-squared Free
2008-03-25 21:01 --------- d-----w C:\Program Files\eMule
2008-03-24 21:24 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-23 02:54 114,687 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_22_15_16_53_small.dmp.zip
2008-03-22 12:35 112,477 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_22_09_55_52_small.dmp.zip
2008-03-17 14:21 1,629,696 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-16 19:59 253,440 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-16 19:59 1,625,088 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-04 07:14 120,770 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_03_21_47_17_small.dmp.zip
2008-03-01 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-27 08:47 20,971,574 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_26_22_31_44_full.dmp.zip
2008-02-26 19:13 91,712 ----a-w C:\WINDOWS\system32\uoykkpdk.dll
2008-02-26 07:31 1,583,616 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-26 07:31 1,104,896 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 19:14 90,688 ----a-w C:\WINDOWS\system32\bettomyj.dll
2008-02-25 07:09 112,818 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_16_47_24_small.dmp.zip
2008-02-25 07:09 112,739 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_11_31_58_small.dmp.zip
2008-02-25 07:09 110,168 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_19_49_25_small.dmp.zip
2008-02-24 01:46 --------- d-----w C:\Program Files\PhotoFiltre
2008-02-21 23:37 93,760 ----a-w C:\WINDOWS\system32\ufgasbla.dll
2008-02-19 20:45 1,562,112 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-19 19:50 1,566,208 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-19 17:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-19 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 06:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 23:01 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-16 11:23 --------- d-----w C:\Documents and Settings\Rasta\Application Data\dvdcss
2008-02-03 23:39 --------- d-----w C:\Documents and Settings\Rasta\Application Data\DeepBurner
2008-02-03 23:37 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-03 23:23 --------- d-----w C:\Program Files\CDex_170b2
2008-02-03 18:47 --------- d-----w C:\Program Files\Astonsoft
2008-01-28 18:51 --------- d-----w C:\Documents and Settings\Rasta\Application Data\CyberLink
2008-01-23 21:00 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-15 22:16 1,380,352 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-13 18:05 1,361,408 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-10 11:35 1,359,360 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-08 20:56 1,351,680 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-08 06:30 1,341,952 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-03-27_21.49.42.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-29 07:54:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56218985-63A6-456F-A982-BE1316386CB7}]
C:\WINDOWS\system32\gebcc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Foxmail"="C:\Program Files\fm610fr\Foxmail.exe" [2007-09-03 10:54 4865360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Starter"="C:\WINDOWS\System32\Starter.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-15 01:30 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-15 01:27 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-15 01:31 118784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 16:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 07:54 716800]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 20:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 20:11 692316]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 22:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"farstone"="" []
"RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 18:27 114688]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 12:01 151552]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 13:05 2764800]
"DMHotKey"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 10:18 356352]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 18:22 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 13:51 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 13:47 1101824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 08:54 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

C:\Documents and Settings\Rasta\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-SG-P3]
--a------ 2002-12-20 08:52 184320 C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"\\RATAJEK\EPSON Stylus DX7000F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\Rasta\LOCALS~1\Temp\E_S24.tmp" /EF "HKCU"
"Auto EPSON Stylus DX7000F Series sur RATAJEK"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_S21.tmp" /EF "HKCU"
"EPSON Stylus DX7000F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_S94.tmp" /EF "HKCU"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AVStation Premium 3.75"=C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\fm610fr\\FoxHot.exe"=
"C:\\Program Files\\fm610fr\\Foxmail.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-05-18 22:43]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2005-10-27 05:18]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-05-18 22:43]
R2 SNM WLAN Service;SNM WLAN Service;"C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe" [2005-05-28 07:35]
R2 SRS_PostInstaller;SRS PostInstaller Service;"C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe" [2005-11-28 11:06]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 11:06]
S3 SUEPD;SUE NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 14:26]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 19:46:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-29 19:47:03
ComboFix-quarantined-files.txt 2008-03-29 18:47:00
ComboFix2.txt 2008-03-27 20:50:05
Pre-Run: 37,618,700,288 octets libres
Post-Run: 37,610,500,096 octets libres
.
2008-03-25 19:35:03 --- E O F ---
29 March 2008 20:17:10

Re,

Copy the text in the box below:

File::
C:\WINDOWS\system32\mclvgetv.ini
C:\WINDOWS\system32\psltefkc.ini
C:\WINDOWS\system32\fyvouirk.ini
C:\WINDOWS\system32\lmfmasud.ini
C:\WINDOWS\system32\nrvcqhgt.ini
C:\WINDOWS\system32\unclfuhs.ini
C:\WINDOWS\system32\jyoxfpbo.ini
C:\WINDOWS\system32\twlnqewa.ini
C:\WINDOWS\system32\mmfvliic.ini
C:\WINDOWS\system32\qxckibsb.ini
C:\WINDOWS\system32\tiuaykja.ini
C:\WINDOWS\system32\ufavoscw.ini
C:\WINDOWS\system32\eypxmolb.ini
C:\WINDOWS\system32\ufgasbla.dll
C:\WINDOWS\system32\gebcc.dll

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starter"=-
"farstone"=-
"QuickTime Task"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"=-
"updateMgr"=-
"Foxmail"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56218985-63A6-456F-A982-BE1316386CB7}]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no reboot, post the reports anyway.
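Added example, not part of the post and not ComboFix's own code: a Python helper that parses lines in the created-files layout of the ComboFix report above, picks out the hidden+system eight-letter .ini files that the script above lists by hand, and renders File::/Folder::/Registry:: sections in the same layout as that script. The sample listing is a constructed excerpt of the report; the line regex and the "random name" rule are assumptions about the log format, not documented ComboFix behaviour.

```python
import ntpath
import re

# Constructed excerpt of the "Fichiers créés" section of the report above, not the full log.
# The ---hs---- .ini files are the ones the helper's CFScript removes.
SAMPLE_COMBOFIX = r"""
2008-03-29 08:51 . 2008-03-29 08:51 <REP> d-------- C:\Program Files\Avira
2008-03-25 13:34 . 2008-03-25 13:34 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-13 18:37 . 2008-03-13 18:37 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-11 21:53 . 2008-03-13 18:18 4,306 ---hs---- C:\WINDOWS\system32\mclvgetv.ini
2008-03-10 21:55 . 2008-03-11 20:39 4,126 ---hs---- C:\WINDOWS\system32\psltefkc.ini
2008-02-29 20:22 . 2008-03-01 13:00 2,154 ---hs---- C:\WINDOWS\system32\eypxmolb.ini
""".strip()

# One listing line: "<created> . <modified> <size or <REP>> <9 attribute flags> <path>"
ENTRY_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r'(?:(?P<size>[\d,]+)|<REP>) '
    r'(?P<attrs>[-a-z]{9}) '
    r'(?P<path>.+)$'
)
RANDOM_INI_RE = re.compile(r'^[a-z]{8}\.ini$')   # assumption: eight random lowercase letters
SYSTEM32_DIR = r'c:\windows\system32'             # directly in system32, not a subfolder


def parse_combofix_listing(text):
    """Turn listing lines into dicts; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            'created': m['created'],
            'modified': m['modified'],
            'size': int(m['size'].replace(',', '')) if m['size'] else None,
            'is_dir': m['size'] is None,
            'hidden': 'h' in m['attrs'],
            'system': 's' in m['attrs'],
            'path': m['path'],
        })
    return entries


def suspicious_ini_files(entries):
    """Vundo-style droppings: hidden+system .ini with a random 8-letter name directly in system32."""
    hits = []
    for e in entries:
        if e['is_dir'] or not (e['hidden'] and e['system']):
            continue
        directory, name = ntpath.split(e['path'])
        if directory.lower() == SYSTEM32_DIR and RANDOM_INI_RE.match(name):
            hits.append(e['path'])
    return hits


def build_cfscript(files=(), folders=(), registry_values=None, registry_keys_to_delete=()):
    """Render CFScript sections in the layout of the post above.

    registry_values: {key: [value names]} rendered as "name"=- (delete value);
    registry_keys_to_delete: keys rendered as [-key] (delete whole key).
    """
    out = []
    if files:
        out += ['File::', *files, '']
    if folders:
        out += ['Folder::', *folders, '']
    if registry_values or registry_keys_to_delete:
        out.append('Registry::')
        for key, names in (registry_values or {}).items():
            out.append(f'[{key}]')
            out.extend(f'"{n}"=-' for n in names)
        out.extend(f'[-{k}]' for k in registry_keys_to_delete)
        out.append('')
    return '\n'.join(out)


if __name__ == '__main__':
    hits = suspicious_ini_files(parse_combofix_listing(SAMPLE_COMBOFIX))
    print(build_cfscript(hits, folders=[r'C:\VundoFix Backups']))
```

Run on the full "Fichiers créés" section of the first ComboFix report, the same rule selects all thirteen .ini files the helper listed; the DLLs (ufgasbla.dll, gebcc.dll) come from other sections and still need a human decision.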
30 March 2008 20:28:23

XmichouX, thanks again for your help. Here are the requested reports:

---------- from combofix:

ComboFix 08-03-26.3 - Rasta 2008-03-30 20:21:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.418 [GMT 2:00]
Endroit: C:\Documents and Settings\Rasta\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rasta\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\eypxmolb.ini
C:\WINDOWS\system32\fyvouirk.ini
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\jyoxfpbo.ini
C:\WINDOWS\system32\lmfmasud.ini
C:\WINDOWS\system32\mclvgetv.ini
C:\WINDOWS\system32\mmfvliic.ini
C:\WINDOWS\system32\nrvcqhgt.ini
C:\WINDOWS\system32\psltefkc.ini
C:\WINDOWS\system32\qxckibsb.ini
C:\WINDOWS\system32\tiuaykja.ini
C:\WINDOWS\system32\twlnqewa.ini
C:\WINDOWS\system32\ufavoscw.ini
C:\WINDOWS\system32\ufgasbla.dll
C:\WINDOWS\system32\unclfuhs.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\system32\eypxmolb.ini
C:\WINDOWS\system32\fyvouirk.ini
C:\WINDOWS\system32\jyoxfpbo.ini
C:\WINDOWS\system32\lmfmasud.ini
C:\WINDOWS\system32\mclvgetv.ini
C:\WINDOWS\system32\mmfvliic.ini
C:\WINDOWS\system32\nrvcqhgt.ini
C:\WINDOWS\system32\psltefkc.ini
C:\WINDOWS\system32\qxckibsb.ini
C:\WINDOWS\system32\tiuaykja.ini
C:\WINDOWS\system32\twlnqewa.ini
C:\WINDOWS\system32\ufavoscw.ini
C:\WINDOWS\system32\ufgasbla.dll
C:\WINDOWS\system32\unclfuhs.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))
.

2008-03-29 09:51 . 2008-03-29 09:51 <REP> d-------- C:\Program Files\Avira
2008-03-29 09:51 . 2008-03-29 09:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 21:34 . 2008-03-25 21:34 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\Rasta\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-25 14:34 . 2008-03-25 14:34 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-03-25 14:34 . 2008-03-25 14:34 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-03-25 14:34 . 2008-03-25 14:34 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-03-25 14:33 . 2008-03-25 14:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-03-25 14:33 . 2007-08-27 11:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-03-25 14:33 . 2007-10-31 11:23 2,236,544 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-03-25 14:33 . 2007-08-27 11:12 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-03-25 14:31 . 2008-03-25 14:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-25 14:29 . 2008-03-25 14:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-25 14:29 . 2008-03-25 14:30 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-13 19:37 . 2008-03-13 19:37 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-28 21:21 . 2008-02-29 21:21 2,034 ---hs---- C:\WINDOWS\system32\kignbiap.ini
2008-02-27 21:21 . 2008-02-28 21:04 1,914 ---hs---- C:\WINDOWS\system32\sdqosebl.ini
2008-02-26 21:16 . 2008-02-27 21:16 1,794 ---hs---- C:\WINDOWS\system32\paalergo.ini
2008-02-26 21:13 . 2008-02-26 21:13 91,712 --a------ C:\WINDOWS\system32\uoykkpdk.dll
2008-02-25 21:14 . 2008-02-25 21:14 90,688 --a------ C:\WINDOWS\system32\bettomyj.dll
2008-02-25 21:12 . 2008-02-26 21:12 1,614 ---hs---- C:\WINDOWS\system32\nfleasbn.ini
2008-02-24 20:32 . 2008-02-25 21:11 1,314 ---hs---- C:\WINDOWS\system32\xbfmyvfp.ini
2008-02-24 20:30 . 2008-02-24 20:30 1,134 ---hs---- C:\WINDOWS\system32\kutmbqke.ini
2008-02-24 03:43 . 2008-02-24 03:46 <REP> d-------- C:\Program Files\PhotoFiltre
2008-02-23 20:29 . 2008-02-24 20:29 1,074 ---hs---- C:\WINDOWS\system32\oqtvpqnt.ini
2008-02-22 01:37 . 2008-02-23 20:28 954 ---hs---- C:\WINDOWS\system32\iqhrekig.ini
2008-02-21 01:37 . 2008-02-22 01:37 834 ---hs---- C:\WINDOWS\system32\twcxhxrv.ini
2008-02-21 00:40 . 2008-02-21 00:40 594 ---hs---- C:\WINDOWS\system32\qsurntpf.ini
2008-02-19 23:08 . 2008-02-21 00:34 534 ---hs---- C:\WINDOWS\system32\vmvrufjc.ini
2008-02-19 19:49 . 2008-03-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-19 01:04 . 2008-02-19 01:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-19 01:04 . 2008-02-19 01:04 3,445 --a------ C:\WINDOWS\unins000.dat
2008-02-13 23:09 . 2008-02-16 13:20 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-13 23:09 . 2008-02-19 19:49 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-05 01:12 . 2005-05-24 15:26 19,840 -ra------ C:\WINDOWS\system32\drivers\SUE_PD.sys
2008-02-04 01:37 . 2008-02-04 01:37 <REP> d-------- C:\Program Files\Free Audio Pack
2008-02-04 01:37 . 2000-11-29 03:07 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-02-04 01:37 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-02-04 01:37 . 1998-06-24 01:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-02-04 01:37 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-04 01:37 . 2000-05-22 16:58 115,920 --a------ C:\WINDOWS\system32\msinet.OCX
2008-02-04 01:37 . 1999-03-25 20:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-04 01:37 . 1998-07-12 20:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-02-04 01:37 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-02-04 01:37 . 1998-07-13 00:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-02-04 01:23 . 2008-02-04 01:23 <REP> d-------- C:\Program Files\CDex_170b2
2008-02-03 20:47 . 2008-02-03 20:47 <REP> d-------- C:\Program Files\Astonsoft
2008-02-03 20:47 . 2008-02-04 01:39 <REP> d-------- C:\Documents and Settings\Rasta\Application Data\DeepBurner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 18:24 19,540,000 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-30 18:18 --------- d-----w C:\Documents and Settings\Rasta\Application Data\uTorrent
2008-03-29 07:19 --------- d-----w C:\Documents and Settings\Rasta\Application Data\XnView
2008-03-28 12:24 --------- d-----w C:\Program Files\uTorrent
2008-03-27 20:48 --------- d-----w C:\Documents and Settings\Rasta\Application Data\OpenOffice.org2
2008-03-27 20:46 227,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-27 20:46 2,270,566 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-27 20:06 121,298 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_27_13_51_32_small.dmp.zip
2008-03-27 11:52 --------- d-----w C:\Program Files\a-squared Free
2008-03-25 21:01 --------- d-----w C:\Program Files\eMule
2008-03-24 21:24 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-23 02:54 114,687 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_22_15_16_53_small.dmp.zip
2008-03-22 12:35 112,477 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_22_09_55_52_small.dmp.zip
2008-03-17 14:21 1,629,696 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-16 19:59 253,440 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-16 19:59 1,625,088 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-04 07:14 120,770 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_03_21_47_17_small.dmp.zip
2008-02-27 08:47 20,971,574 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_26_22_31_44_full.dmp.zip
2008-02-26 07:31 1,583,616 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-26 07:31 1,104,896 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 07:09 112,818 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_16_47_24_small.dmp.zip
2008-02-25 07:09 112,739 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_11_31_58_small.dmp.zip
2008-02-25 07:09 110,168 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_19_49_25_small.dmp.zip
2008-02-19 20:45 1,562,112 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-19 19:50 1,566,208 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-19 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 06:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-16 11:23 --------- d-----w C:\Documents and Settings\Rasta\Application Data\dvdcss
2008-01-28 18:51 --------- d-----w C:\Documents and Settings\Rasta\Application Data\CyberLink
2008-01-23 21:00 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-15 22:16 1,380,352 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-13 18:05 1,361,408 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-10 11:35 1,359,360 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-08 20:56 1,351,680 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-08 06:30 1,341,952 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-16 16:16 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1687.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((( snapshot@2008-03-27_21.49.42.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-29 07:54:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-15 02:30 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-15 02:27 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-15 02:31 118784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 17:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54 716800]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 21:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 21:11 692316]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 23:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 19:27 114688]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 13:01 151552]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 14:05 2764800]
"DMHotKey"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 11:18 356352]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 19:22 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 14:51 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 14:47 1101824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 09:54 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\Rasta\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-SG-P3]
--a------ 2002-12-20 09:52 184320 C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"\\RATAJEK\EPSON Stylus DX7000F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\Rasta\LOCALS~1\Temp\E_S24.tmp" /EF "HKCU"
"Auto EPSON Stylus DX7000F Series sur RATAJEK"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_S21.tmp" /EF "HKCU"
"EPSON Stylus DX7000F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_S94.tmp" /EF "HKCU"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AVStation Premium 3.75"=C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\fm610fr\\FoxHot.exe"=
"C:\\Program Files\\fm610fr\\Foxmail.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-05-18 23:43]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2005-10-27 06:18]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-05-18 23:43]
R2 SNM WLAN Service;SNM WLAN Service;"C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe" [2005-05-28 08:35]
R2 SRS_PostInstaller;SRS PostInstaller Service;"C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe" [2005-11-28 12:06]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 12:06]
S3 SUEPD;SUE NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 15:26]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 20:24:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-30 20:24:43
ComboFix-quarantined-files.txt 2008-03-30 18:24:38
ComboFix2.txt 2008-03-29 18:47:04
ComboFix3.txt 2008-03-27 20:50:05
Pre-Run: 37,559,984,128 octets libres
Post-Run: 37,547,208,704 octets libres
.
2008-03-25 19:35:03 --- E O F ---

---------- from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:56, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\fm610fr\Foxmail.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rasta\Bureau\HJThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E6FEEC-4631-43C7-8144-1856FC64C151}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://visuels.pressimmo-online.com/2d/f/f/c/ffcbb037-5...

--
End of file - 10396 bytes

30 March 2008 23:02:41

Let's continue ;)

Copy the text in the box below:

File::
C:\WINDOWS\system32\kignbiap.ini
C:\WINDOWS\system32\sdqosebl.ini
C:\WINDOWS\system32\paalergo.ini
C:\WINDOWS\system32\uoykkpdk.dll
C:\WINDOWS\system32\bettomyj.dll
C:\WINDOWS\system32\nfleasbn.ini
C:\WINDOWS\system32\xbfmyvfp.ini
C:\WINDOWS\system32\kutmbqke.ini
C:\WINDOWS\system32\oqtvpqnt.ini
C:\WINDOWS\system32\iqhrekig.ini
C:\WINDOWS\system32\twcxhxrv.ini
C:\WINDOWS\system32\qsurntpf.ini
C:\WINDOWS\system32\vmvrufjc.ini

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=-


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
If there is no reboot, post the reports anyway.
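As an added example (not part of the thread, and not ComboFix's own code): a Python script that applies the same selection rule the File:: list above follows, eight-letter lowercase names directly in system32, hidden+system `.ini` files and the matching `.dll` files, to lines copied from the ComboFix "Fichiers créés" block, and renders the hits as a CFScript `File::` block. The `Entry` class, function names and the rule itself are assumptions of this example.

```python
"""Flag Virtumonde-style droppings in a ComboFix "Fichiers créés" listing.

Rule taken from the cleanup in this thread: files directly in system32 whose
stem is eight random lowercase letters, either a hidden+system .ini or a .dll.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries copied from the ComboFix "Fichiers créés" block posted above, trimmed
# to a few benign neighbours plus the files the helper listed under File::.
SAMPLE_LISTING = r"""
2008-03-25 14:34 . 2008-03-25 14:34 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-13 19:37 . 2008-03-13 19:37 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-28 21:21 . 2008-02-29 21:21 2,034 ---hs---- C:\WINDOWS\system32\kignbiap.ini
2008-02-27 21:21 . 2008-02-28 21:04 1,914 ---hs---- C:\WINDOWS\system32\sdqosebl.ini
2008-02-26 21:16 . 2008-02-27 21:16 1,794 ---hs---- C:\WINDOWS\system32\paalergo.ini
2008-02-26 21:13 . 2008-02-26 21:13 91,712 --a------ C:\WINDOWS\system32\uoykkpdk.dll
2008-02-25 21:14 . 2008-02-25 21:14 90,688 --a------ C:\WINDOWS\system32\bettomyj.dll
2008-02-25 21:12 . 2008-02-26 21:12 1,614 ---hs---- C:\WINDOWS\system32\nfleasbn.ini
2008-02-24 20:32 . 2008-02-25 21:11 1,314 ---hs---- C:\WINDOWS\system32\xbfmyvfp.ini
2008-02-24 20:30 . 2008-02-24 20:30 1,134 ---hs---- C:\WINDOWS\system32\kutmbqke.ini
2008-02-24 03:43 . 2008-02-24 03:46 <REP> d-------- C:\Program Files\PhotoFiltre
2008-02-23 20:29 . 2008-02-24 20:29 1,074 ---hs---- C:\WINDOWS\system32\oqtvpqnt.ini
2008-02-22 01:37 . 2008-02-23 20:28 954 ---hs---- C:\WINDOWS\system32\iqhrekig.ini
2008-02-21 01:37 . 2008-02-22 01:37 834 ---hs---- C:\WINDOWS\system32\twcxhxrv.ini
2008-02-21 00:40 . 2008-02-21 00:40 594 ---hs---- C:\WINDOWS\system32\qsurntpf.ini
2008-02-19 23:08 . 2008-02-21 00:34 534 ---hs---- C:\WINDOWS\system32\vmvrufjc.ini
2008-02-19 19:49 . 2008-03-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-05 01:12 . 2005-05-24 15:26 19,840 -ra------ C:\WINDOWS\system32\drivers\SUE_PD.sys
"""

RANDOM_STEM = re.compile(r"^[a-z]{8}$")   # the eight-letter names seen in the report
SYSTEM32 = r"c:\windows\system32"          # compared case-insensitively


@dataclass
class Entry:
    created: str    # first timestamp column, "YYYY-MM-DD HH:MM"
    modified: str   # second timestamp column
    size: str       # digits with thousands separators, or "<REP>" for a directory
    attrs: str      # ComboFix attribute string, e.g. "---hs----"
    path: str


def parse_combofix_line(line: str) -> Optional[Entry]:
    """Parse one line of the "Fichiers créés" block; any other report line gives None."""
    # The path is the last field and may contain spaces, so split at most 7 times.
    parts = line.strip().split(None, 7)
    if len(parts) != 8 or parts[2] != ".":
        return None
    return Entry(created=f"{parts[0]} {parts[1]}", modified=f"{parts[3]} {parts[4]}",
                 size=parts[5], attrs=parts[6], path=parts[7])


def is_suspicious(entry: Entry) -> bool:
    """Random 8-letter stem directly in system32: hidden+system .ini, or a .dll."""
    if entry.size == "<REP>":
        return False
    folder, _, name = entry.path.rpartition("\\")
    if folder.lower() != SYSTEM32:
        return False
    stem, _, ext = name.rpartition(".")
    if not RANDOM_STEM.match(stem):
        return False
    if ext.lower() == "ini":
        return "h" in entry.attrs and "s" in entry.attrs
    return ext.lower() == "dll"


def select_suspicious(report: str) -> List[Entry]:
    """Return flagged entries in report order (the order the File:: block above uses)."""
    found = []
    for line in report.splitlines():
        entry = parse_combofix_line(line)
        if entry is not None and is_suspicious(entry):
            found.append(entry)
    return found


def build_cfscript(paths: List[str]) -> str:
    """Render a CFScript.txt File:: block, one path per line, as in the post above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = select_suspicious(SAMPLE_LISTING)
    print(build_cfscript([e.path for e in hits]))  # 13 paths, same order as the post
```

The parser only understands the "Fichiers créés" block; the Find3M and snapshot sections use a different column layout and are skipped.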
2 April 2008 22:51:27

Good evening XmichouX...

Work is very demanding, I can't even find the time to clean up my "work tool"!! On the other hand, without really knowing, I've avoided using it, to prevent the infected files from possibly spreading.
Here are the requested reports, after the last step you indicated...

---------- from Combofix:

ComboFix 08-03-26.3 - Rasta 2008-04-02 22:36:45.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.490 [GMT 2:00]
Endroit: C:\Documents and Settings\Rasta\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rasta\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\bettomyj.dll
C:\WINDOWS\system32\iqhrekig.ini
C:\WINDOWS\system32\kignbiap.ini
C:\WINDOWS\system32\kutmbqke.ini
C:\WINDOWS\system32\nfleasbn.ini
C:\WINDOWS\system32\oqtvpqnt.ini
C:\WINDOWS\system32\paalergo.ini
C:\WINDOWS\system32\qsurntpf.ini
C:\WINDOWS\system32\sdqosebl.ini
C:\WINDOWS\system32\twcxhxrv.ini
C:\WINDOWS\system32\uoykkpdk.dll
C:\WINDOWS\system32\vmvrufjc.ini
C:\WINDOWS\system32\xbfmyvfp.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bettomyj.dll
C:\WINDOWS\system32\iqhrekig.ini
C:\WINDOWS\system32\kignbiap.ini
C:\WINDOWS\system32\kutmbqke.ini
C:\WINDOWS\system32\nfleasbn.ini
C:\WINDOWS\system32\oqtvpqnt.ini
C:\WINDOWS\system32\paalergo.ini
C:\WINDOWS\system32\qsurntpf.ini
C:\WINDOWS\system32\sdqosebl.ini
C:\WINDOWS\system32\twcxhxrv.ini
C:\WINDOWS\system32\uoykkpdk.dll
C:\WINDOWS\system32\vmvrufjc.ini
C:\WINDOWS\system32\xbfmyvfp.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-03-29 09:51 . 2008-03-29 09:51 <REP> d-------- C:\Program Files\Avira
2008-03-29 09:51 . 2008-03-29 09:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 21:34 . 2008-03-25 21:34 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\Rasta\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-25 14:34 . 2008-03-25 14:34 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-25 14:34 . 2008-03-25 14:34 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-03-25 14:34 . 2008-03-25 14:34 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-03-25 14:34 . 2008-03-25 14:34 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-03-25 14:33 . 2008-03-25 14:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-03-25 14:33 . 2007-08-27 11:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-03-25 14:33 . 2007-10-31 11:23 2,236,544 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-03-25 14:33 . 2007-08-27 11:12 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-03-25 14:31 . 2008-03-25 14:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-25 14:29 . 2008-03-25 14:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-25 14:29 . 2008-03-25 14:30 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-13 19:37 . 2008-03-13 19:37 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 20:39 19,816,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-02 18:39 --------- d-----w C:\Documents and Settings\Rasta\Application Data\OpenOffice.org2
2008-04-02 16:10 235,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 10:59 110,593 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_29_00_18_49_small.dmp.zip
2008-03-31 10:59 109,165 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_29_02_27_54_small.dmp.zip
2008-03-30 18:35 --------- d-----w C:\Documents and Settings\Rasta\Application Data\XnView
2008-03-30 18:18 --------- d-----w C:\Documents and Settings\Rasta\Application Data\uTorrent
2008-03-28 12:24 --------- d-----w C:\Program Files\uTorrent
2008-03-27 20:46 2,270,566 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-27 20:06 121,298 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_27_13_51_32_small.dmp.zip
2008-03-27 11:52 --------- d-----w C:\Program Files\a-squared Free
2008-03-25 21:01 --------- d-----w C:\Program Files\eMule
2008-03-24 21:24 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-23 02:54 114,687 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_22_15_16_53_small.dmp.zip
2008-03-22 12:35 112,477 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_22_09_55_52_small.dmp.zip
2008-03-17 14:21 1,629,696 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-16 19:59 253,440 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-16 19:59 1,625,088 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-04 07:14 120,770 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_03_21_47_17_small.dmp.zip
2008-03-01 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-27 08:47 20,971,574 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_26_22_31_44_full.dmp.zip
2008-02-26 07:31 1,583,616 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-26 07:31 1,104,896 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 07:09 112,818 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_16_47_24_small.dmp.zip
2008-02-25 07:09 112,739 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_11_31_58_small.dmp.zip
2008-02-25 07:09 110,168 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_24_19_49_25_small.dmp.zip
2008-02-24 01:46 --------- d-----w C:\Program Files\PhotoFiltre
2008-02-19 20:45 1,562,112 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-19 19:50 1,566,208 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-19 17:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-19 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 06:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 23:01 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-16 11:23 --------- d-----w C:\Documents and Settings\Rasta\Application Data\dvdcss
2008-02-03 23:39 --------- d-----w C:\Documents and Settings\Rasta\Application Data\DeepBurner
2008-02-03 23:37 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-03 23:23 --------- d-----w C:\Program Files\CDex_170b2
2008-02-03 18:47 --------- d-----w C:\Program Files\Astonsoft
2008-01-23 21:00 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-15 22:16 1,380,352 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-13 18:05 1,361,408 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-10 11:35 1,359,360 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-08 20:56 1,351,680 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-08 06:30 1,341,952 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-03-27_21.49.42.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-29 07:54:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2008-03-25 12:34:50 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-31 11:03:55 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-25 12:34:50 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-31 11:03:55 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-25 12:34:50 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-31 11:03:55 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-25 12:34:50 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-31 11:03:55 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-15 02:30 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-15 02:27 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-15 02:31 118784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 17:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54 716800]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 21:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 21:11 692316]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 23:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 19:27 114688]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 13:01 151552]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 14:05 2764800]
"DMHotKey"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 11:18 356352]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 19:22 413696]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 14:51 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 14:47 1101824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 09:54 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\Rasta\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-SG-P3]
--a------ 2002-12-20 09:52 184320 C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"\\RATAJEK\EPSON Stylus DX7000F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\DOCUME~1\Rasta\LOCALS~1\Temp\E_S24.tmp" /EF "HKCU"
"Auto EPSON Stylus DX7000F Series sur RATAJEK"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_S21.tmp" /EF "HKCU"
"EPSON Stylus DX7000F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_S94.tmp" /EF "HKCU"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVStation Premium 3.75"=C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\fm610fr\\FoxHot.exe"=
"C:\\Program Files\\fm610fr\\Foxmail.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-05-18 23:43]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2005-10-27 06:18]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-05-18 23:43]
R2 SNM WLAN Service;SNM WLAN Service;"C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe" [2005-05-28 08:35]
R2 SRS_PostInstaller;SRS PostInstaller Service;"C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe" [2005-11-28 12:06]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 12:06]
S3 SUEPD;SUE NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 15:26]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 22:39:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-02 22:39:54
ComboFix-quarantined-files.txt 2008-04-02 20:39:50
ComboFix2.txt 2008-03-30 18:24:44
ComboFix3.txt 2008-03-29 18:47:04
ComboFix4.txt 2008-03-27 20:50:05
Pre-Run: 37,308,764,160 octets libres
Post-Run: 37,290,848,256 octets libres
.
2008-03-25 19:35:03 --- E O F ---

---------- from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:19, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rasta\Bureau\HJThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E6FEEC-4631-43C7-8144-1856FC64C151}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://visuels.pressimmo-online.com/2d/f/f/c/ffcbb037-5...

--
End of file - 9641 bytes


Thank you for all the time you are spending to help us out... especially if you have a few more like me!!
Looking forward to your reply...
3 April 2008 18:25:13

Re,

Is it better?

Rerun HijackThis, do a system scan only, tick these lines (if still present):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O24 - Desktop Component 1: (no name) - http://visuels.pressimmo-online.co [...] 7-5d3a.jpg

Then Fix Checked!

********

Download to your desktop: Clean (by Malekal) >Tuto<
Unzip it onto your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This opens a black window.
A menu will appear; choose option 1, then Enter. Then press a key when prompted.
Post the report, which is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
3 April 2008 20:21:47

Yo!
While this last program was running, I was bothered by the antivirus asking me, each time an infected file was discovered, what I wanted to do with it. So I disabled Antivir, reran Clean, and here is the report as requested:

03/04/2008 a 20:14:39,17

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files


See you very soon, I feel it's getting there... Damn Trojan horse!!
3 April 2008 21:30:59

Re ;)

Post another HijackThis log :)
3 April 2008 23:44:53

;-) faithful at your post, good to see...
I still get alerts, Vundo I think.
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:19, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\fm610fr\Foxmail.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rasta\Bureau\HJThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E6FEEC-4631-43C7-8144-1856FC64C151}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8959 bytes
4 April 2008 07:14:05

Re,

Strange, we'll check that.

Delete: C:\Qoobox.

Run a full AntiVir scan in safe mode and post me the report :)
5 April 2008 07:55:13

Here you go... I'm confident, we'll get there!



AntiVir PersonalEdition Classic
Report file date: samedi 5 avril 2008 00:07

Scanning for 1181183 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Rasta
Computer name: Q35

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 07:54:39
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 07:54:39
ANTIVIR3.VDF : 7.0.3.121 189952 Bytes 04/04/2008 18:06:01
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 04/04/2008 18:06:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/03/2008 07:54:39
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +GAME,

Start of the scan: samedi 5 avril 2008 00:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\' <Systeme>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Travail>
D:\Mes documents\Softs\Ahead.Nero.Burning.ROM.v6.6.0.3.Ultra.Edition.incl.KeyMaker.zip
[0] Archive type: ZIP
--> cr-nero6.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bot.3533 Backdoor server programs
[INFO] The file was deleted!
D:\Mes documents\Softs\Adobe Acrobat Professional 8.10 Inc Keygen[full version]\Keygen.exe
[DETECTION] Contains detection pattern of the dropper DR/Virtumonde.164864
[INFO] The file was deleted!


End of the scan: samedi 5 avril 2008 07:48
Used time: 7:41:43 min

The scan has been done completely.

4890 Scanning directories
233138 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
233136 Files not concerned
8974 Archives were scanned
11 Warnings
1 Notes

5 April 2008 08:47:27

Ouch... illicit programs on my computer?... I had told myself to stay away from those cracked programs... That said, the scan doesn't seem to have detected any active virus (?); from what I've understood, my problem would come from Trojan horses (Virtumonde, Vundo)...
I'll leave you to your analysis, and I'm all ears. Thanks for keeping up our thread, it's almost better than MSN!!
5 April 2008 08:53:37

Oh, that reminds me... You may have seen it in the various reports I've posted: I'm using Antivir (instead of Avast, which I gather no longer does the job...), A-squared, SpyBot and Zone Alarm. I try to run scans regularly after updating everything...
Your advice on possible additional programs is welcome!
As for what's bothering me right now, have you found the source? This Trojan (or Trojans), apart from being detected constantly and triggering alerts, isn't (too) much of a nuisance (for now: does the infection grow over time?). I had tried some patches against Virtumonde, without success, before finding this forum and stumbling on your expertise...
Thanks again for sticking with me.
5 April 2008 10:59:16

Re ;) 

The source of your infection is those cracks!

Quote:
D:\Mes documents\Softs\Ahead.Nero.Burning.ROM.v6.6.0.3.Ultra.Edition.incl.KeyMaker.zip
[0] Archive type: ZIP
--> cr-nero6.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bot.3533 Backdoor server programs
[INFO] The file was deleted!
D:\Mes documents\Softs\Adobe Acrobat Professional 8.10 Inc Keygen[full version]\Keygen.exe
[DETECTION] Contains detection pattern of the dropper DR/Virtumonde.164864


Delete:
D:\Mes documents\Softs\Adobe Acrobat Professional 8.10 Inc Keygen[full version]

Still having problems?
Post another HijackThis log.
5 April 2008 16:34:27

Yet it was only the executable, saved in that folder. I had installed that software, whose keygen didn't work (...!). I uninstalled it through the Control Panel, but a few traces were still present in the installation folder (Prog Files, Adobe, Acrobat...).
I've just cleaned up and emptied the Recycle Bin before running HijackThis.
As I was telling you, this Trojan is (almost) invisible: it doesn't open unwanted pop-up ads, I just get Antivir alerts from time to time.
I'll keep you posted if it continues; I'm staying online.
Thanks again.

If you find anything abnormal, I'm listening!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:30, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\fm610fr\Foxmail.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rasta\Bureau\HJThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E6FEEC-4631-43C7-8144-1856FC64C151}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9326 bytes
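A log like the one above is what the helper reads through for autostart entries that don't belong. As an added example (not part of this thread and not HijackThis' own code), here is a short Python helper that parses the O4 and O23 lines of a HijackThis v2 log and lists the entries worth a manual look; its three flagging rules are this example's own assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Added example for this thread, not HijackThis' own code: parse the O4 (Run) and
# O23 (Service) lines of a HijackThis v2 log and list the entries that deserve a
# second look. The three flagging rules are this example's own assumptions.
class Entry(NamedTuple):
    section: str  # "O4" or "O23"
    name: str     # Run value name or service display name
    path: str     # executable as listed; may be a bare file name
    vendor: str   # publisher for O23 entries, "" for O4
_RUN = re.compile(r'^(O4) - [^:]+\\Run: \[(.*?)\] (.*)$')
_SVC = re.compile(r'^(O23) - Service: (.*?) - (.*?) - (.*)$')
_EXE = re.compile(r'^"?(.*?\.(?:exe|dll|com|scr|bat))"?(?:\s|$)', re.IGNORECASE)

def _binary(command: str) -> str:
    # Drop quotes, arguments and the trailing (User '...') note of a Run command.
    m = _EXE.match(command.strip())
    return m.group(1) if m else command.strip()

def parse_line(line: str) -> Optional[Entry]:
    if m := _RUN.match(line.rstrip()):
        return Entry(m[1], m[2], _binary(m[3]), "")
    if m := _SVC.match(line.rstrip()):
        return Entry(m[1], m[2], m[4], m[3])
    return None  # R0/R1, O2/O3, O8/O9, O16/O17 and header lines are ignored

def triage(entry: Entry) -> List[str]:
    """Reasons an entry is worth checking by hand (heuristics, not verdicts)."""
    reasons, low = [], entry.path.lower()
    if entry.vendor.lower() == "unknown owner":
        reasons.append("service binary carries no publisher information")
    if "\\" not in entry.path:
        reasons.append("bare file name resolved via the search path, origin unclear")
    if "\\documents and settings\\" in low or "\\temp\\" in low:
        reasons.append("autostart from a user-writable location")
    return reasons

def suspicious(log: str) -> List[Tuple[Entry, List[str]]]:
    """Entries of a HijackThis log that trigger at least one triage rule."""
    return [(e, why) for e in map(parse_line, log.splitlines()) if e and (why := triage(e))]

# Lines copied from the log posted above, plus one constructed HKCU entry (not from
# the thread) so that the user-writable-location rule is exercised as well.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
```

On the sample, `suspicious(SAMPLE_LOG)` returns the AGRSMMSG, example and Samsung Update Plus entries with one reason each; the quoted avgnt path and the vsmon service pass clean.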
5 April 2008 16:42:59

Re,

Quote:
I had installed that software, whose keygen didn't work (...!).

Indeed, it isn't a real crack, it just installs the Vundo infection :p 

I no longer see any infection in your logs.

Can you take a screenshot at the next alert?

Screenshot tutorial
5 April 2008 22:19:05

Still there, since Antivir detected it in the system...



A tough one, huh?
6 April 2008 10:18:12

Done. I'll keep you posted by tomorrow evening. Then we can consider the problem solved!!
I'm staying online, and I'm going to run another thorough full scan.
Thanks again!
8 April 2008 21:18:02

Just to keep you posted...
Nothing has been detected since. The last step got the better of this stubborn Trojan!
Thanks again for your dedication, looking forward to getting advice or help again!!
8 April 2008 21:53:10

Re,

Download ToolsCleaner2 (by A.Rothstein)

Install it on your Desktop
Click [Recherche] (Search) to start the scan
Click [Supprimer] (Delete) to clean up the tools used
Click [Quitter] (Quit),
Post this report ~>C:\TCleaner.txt<~

Keep ccleaner, avg and antivir if we installed them..
Disable and re-enable System Restore
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Vundo
If you can't find it in the list, post in Other infections,

Update your computer properly >here<

Then have a look at these threads:

Security/Prevention
Consequences of multiple protection
Toolbars: uselessness and slowdowns

Have a good day/evening :) 