Google redirect malware (SOLVED)

12 January 2008 09:40:18

Hello everyone,

I've had a problem for a short while: when I do a search with Google and click on a link, I'm most often redirected to dubious sites...
In the FixWareout report I can see that something is wrong (notably "yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe") but I have absolutely no idea how to proceed next...
Can you help me?

Thanks a lot

Fred.

PS: I'm attaching the report.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ShowLOMControl"=dword:00000001
"NexusServer"="\"C:\\Program Files\\Fichiers communs\\Canopus Shared\\ProCoder 2\\Kernel\\PNXSERVR.exe\" -SelfLaunch"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"WD Button Manager"="WDBtnMgr.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\" /d=60"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="\"C:\\Program Files\\uTorrent\\utorrent.exe\""
"yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

13 January 2008 00:51:48

Thanks a lot Angeldark.

So here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:02, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\p2csvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.219\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38FB1156-70AC-4258-AF4B-FFC0B450B81C} - c:\windows\system32\cmutilk.dll
O2 - BHO: (no name) - {E8E8C2FE-D1AD-4E0D-B494-62B2EBD206ED} - C:\WINDOWS\system32\dpnlobbyr.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [yp66odyiz] C:\WINDOWS\system32\yp66odyiz.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [yp66odyiz] C:\WINDOWS\system32\yp66odyiz.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: e-Backup 1.42 Scheduler.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: P2 Card Manager.lnk = C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: fieaqpbw - C:\WINDOWS\SYSTEM32\cmutilk.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10216 bytes
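The HijackThis log above is what the helper reads by eye: autorun entries with random-looking names (yp66odyiz), an unnamed BHO, a batch of domains added to the IE Trusted Zone, and a Winlogon Notify entry that loads the same DLL as the BHO (cmutilk.dll). The Python script below is an added example, not part of this thread and not part of HijackThis: it applies those same heuristics to a constructed sample made of lines copied from the log above. The `looks_random` rule (lowercase alphanumerics with digits or a long consonant run) is this example's own rule of thumb, and the cross-section check at the end is what turns two separate entries into one finding.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38FB1156-70AC-4258-AF4B-FFC0B450B81C} - c:\windows\system32\cmutilk.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [yp66odyiz] C:\WINDOWS\system32\yp66odyiz.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O20 - Winlogon Notify: fieaqpbw - C:\WINDOWS\SYSTEM32\cmutilk.dll
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
"""

# Line shapes of the HijackThis sections this example looks at.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\](?: (?P<cmd>.*))?$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>\w+)\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

VOWELS = set("aeiouy")


@dataclass(frozen=True)
class Finding:
    section: str        # HijackThis section the line came from (O2, O4, ...)
    item: str           # the name, CLSID or domain the finding is about
    reason: str         # why it was flagged
    path: str = ""      # module or command the entry loads, when the line has one


def looks_random(name: str) -> bool:
    """Crude heuristic for generated names such as yp66odyiz or fieaqpbw (this
    example's own rule of thumb): all lowercase letters/digits, 7 to 10 chars,
    and either containing a digit or a run of four or more consonants. Vendor
    entries usually carry capitals, spaces or recognisable words."""
    if not re.fullmatch(r"[a-z0-9]{7,10}", name):
        return False
    if any(c.isdigit() for c in name):
        return True
    run = longest = 0
    for c in name:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def triage(log_text: str) -> list:
    """Walk a HijackThis log and return the entries a reviewer should look at."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            if m["name"] == "(no name)":
                findings.append(Finding("O2", m["clsid"], "unnamed BHO", m["path"]))
        elif m := O4_RE.match(line):
            if looks_random(m["name"]):
                findings.append(Finding("O4", m["name"],
                                        f"random-looking autorun name under {m['hive']}",
                                        m["cmd"] or ""))
        elif m := O15_RE.match(line):
            findings.append(Finding("O15", m["domain"],
                                    "domain added to the IE Trusted Zone; confirm it was intentional"))
        elif m := O20_RE.match(line):
            if looks_random(m["name"]):
                findings.append(Finding("O20", m["name"],
                                        "random-looking Winlogon Notify handler", m["path"]))
    return findings


def repeated_paths(findings) -> dict:
    """Modules that show up under more than one flagged section. The same DLL
    registered as both a BHO and a Winlogon Notify handler is a strong
    persistence signal (cmutilk.dll in the log above)."""
    by_path = {}
    for f in findings:
        if f.path:
            by_path.setdefault(f.path.lower(), set()).add(f.section)
    return {p: s for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:<4} {f.item:<45} {f.reason}")
    for path, sections in repeated_paths(found).items():
        print(f"{path} is loaded from {', '.join(sorted(sections))}")
```

Every Trusted Zone entry is reported rather than classified: a legitimate intranet site and a rogue one look the same in the log, and the decision belongs to whoever knows the machine. The name heuristic is deliberately loose and will miss hand-picked names; it is a prompt for a second look, not a verdict.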
13 January 2008 11:45:38

Re,

Download DelDomains.inf (by Mike Burgess) to your Desktop.
**If you use Firefox: right-click the link and choose "Save Link Target As..."**
  • Right-click the file, then choose "Install" from the context menu.
  • The script installs quickly and no confirmation is shown on screen; this is normal.

    &

    Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (by sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has completed, a report will appear. Post that report in your next reply.
13 January 2008 17:49:31

OK, here is the scan.
Small problem after the reboot: I was asked for a password to open the session... I've never had one. Had to restart, no more problem after that.

Thanks again!

    ComboFix 08-01-09.2 - Admin 2008-01-13 20:24:23.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1486 [GMT 1:00]
    Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\media
    C:\WINDOWS\system32\media\AvidRender.wav
    C:\WINDOWS\system32\cmutilk.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SEDWDXVX
    -------\sedwdxvx


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-13 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-12 11:01 . 2008-01-13 15:15 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-01-12 00:54 . 2008-01-12 00:54 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
    2008-01-12 00:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-12 00:09 . 2008-01-12 00:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
    2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-11 20:20 . 2007-11-16 10:53 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-01-11 20:20 . 2007-11-16 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-11 20:20 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-11 18:54 . 2008-01-11 18:54 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-01-11 18:54 . 2008-01-11 18:54 741,632 --a------ C:\WINDOWS\system32\idmkahmt.dat
    2008-01-11 18:54 . 2008-01-11 18:54 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2008-01-11 18:54 . 2008-01-11 18:54 120,576 --a------ C:\WINDOWS\system32\eorrkkxy.dat
    2008-01-11 18:54 . 2008-01-11 18:54 42,240 --a------ C:\WINDOWS\system32\wfzcvxhd.dat
    2008-01-11 18:54 . 2008-01-12 18:58 36,608 --a------ C:\WINDOWS\system32\mhcmqlby.dat
    2008-01-11 18:54 . 2008-01-11 18:54 35,072 --a------ C:\WINDOWS\system32\jvgjgzbr.dat
    2008-01-11 17:54 . 2008-01-11 18:50 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
    2008-01-11 16:12 . 19,584 C:\WINDOWS\system32\drivers\vlqasnuj.dat
    2008-01-11 16:05 . 2008-01-13 20:26 83,968 --a------ C:\WINDOWS\system32\cmutilk.dll
    2008-01-11 16:04 . 2004-08-19 17:08 83,968 --a------ C:\WINDOWS\system32\dpnlobbyr.dll
    2008-01-10 00:00 . 2008-01-10 00:16 64,309 --a------ C:\PokerStars.log.0
    2008-01-08 11:06 . 2008-01-08 11:06 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Canon
    2008-01-08 11:05 . 2005-07-26 13:44 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Program Files\Canon
    2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Documents and Settings\Admin\WINDOWS
    2008-01-08 10:53 . 2002-05-14 11:57 305,664 --a------ C:\WINDOWS\IsUninst.exe
    2008-01-08 10:52 . 2002-04-12 20:23 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
    2008-01-08 10:52 . 2001-04-11 02:10 327,740 --a------ C:\WINDOWS\system32\UCS32P.DLL
    2008-01-08 10:52 . 2002-04-26 18:37 32,768 --a------ C:\WINDOWS\system32\CNQU70.DLL
    2008-01-04 10:59 . 2005-07-26 13:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-04 10:59 . 2005-07-26 13:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-04 10:59 . 2005-07-26 13:43 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-04 10:59 . 2005-07-26 13:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-03 13:37 . 2008-01-03 15:16 295 --a------ C:\WINDOWS\MindMan.INI
    2008-01-03 09:17 . 2005-07-26 13:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2008-01-03 09:17 . 2005-07-26 13:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2008-01-03 09:17 . 2005-07-26 13:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-25 23:10 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-12-25 23:09 . 2007-12-25 23:09 <REP> d-------- C:\Program Files\Real
    2007-12-25 23:09 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2007-12-21 00:37 . 2008-01-13 12:02 <REP> d-------- C:\Program Files\eMule
    2007-12-17 13:03 . 2001-11-30 16:49 1,335,648 --a------ C:\WINDOWS\system32\Sbe6_32.dll
    2007-12-17 13:03 . 2001-06-20 19:21 1,056,768 --a------ C:\WINDOWS\system32\RoboEx32.dll
    2007-12-17 13:03 . 2001-11-30 16:49 558,656 --a------ C:\WINDOWS\system32\Sb6ent.ocx
    2007-12-17 13:03 . 2001-11-30 16:49 329,423 --a------ C:\WINDOWS\system32\Sbe6_000.hlp
    2007-12-17 13:03 . 2001-11-30 16:49 102,400 --a------ C:\WINDOWS\system32\Sbe6@fra.dll
    2007-12-17 13:03 . 2001-06-20 19:21 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
    2007-12-17 13:03 . 2001-11-30 16:49 6,537 --a------ C:\WINDOWS\system32\Sbe6_000.cnt
    2007-12-17 08:35 . 2007-12-17 08:35 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
    2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-13 19:26 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
    2008-01-13 02:12 --------- d-----w C:\Program Files\PokerStars
    2008-01-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
    2007-12-30 21:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\TribalWeb
    2007-12-11 08:20 --------- d-----w C:\Program Files\hp deskjet 845c series
    2007-12-11 08:18 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-09 13:12 --------- d-----w C:\Program Files\FileZilla
    2007-12-06 22:14 --------- d-----w C:\Program Files\QuickTime
    2007-12-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-06 14:23 --------- d-----w C:\Program Files\PowerPoint Viewer
    2007-12-05 18:37 --------- d-----w C:\Program Files\Panasonic P2
    2007-12-04 17:53 28,912 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-30 19:57 --------- d-----w C:\Program Files\TribalWeb.net
    2007-11-29 18:07 --------- d-----w C:\Program Files\Winamp
    2007-11-29 17:47 --------- d-----w C:\Program Files\uTorrent
    2007-11-26 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-26 09:03 --------- d-----w C:\Program Files\Avid
    2007-11-26 09:02 --------- d-----w C:\Program Files\SafeNet Sentinel
    2007-11-26 09:01 --------- d-----w C:\Program Files\Fichiers communs\Avid
    2007-11-26 08:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-26 08:40 --------- d-----w C:\Program Files\RegCleaner
    2007-11-26 08:39 --------- d-----w C:\Program Files\QuickTime(2)
    2007-11-26 08:39 --------- d-----w C:\Program Files\Avid(3)
    2007-11-26 08:39 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-26 08:36 --------- d-----w C:\Program Files\Avid(2)
    2007-11-19 07:03 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
    2007-11-19 07:01 --------- d-----w C:\Program Files\Fichiers communs\SafeNet Sentinel
    2007-11-19 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-11-19 06:38 --------- d-----w C:\Program Files\Mindjet
    2007-11-17 21:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\vlc
    2007-11-17 21:34 --------- d-----w C:\Program Files\VideoLAN
    2007-11-16 11:47 --------- d-----w C:\Program Files\Western Digital Technologies
    2007-11-16 11:47 --------- d-----w C:\Program Files\My Book
    2007-11-16 11:46 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
    2007-11-16 11:22 --------- d-----w C:\Documents and Settings\Admin\Application Data\Canopus
    2007-11-16 11:19 --------- d-----w C:\Program Files\VERITAS Software
    2007-11-16 11:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\VERITAS
    2007-11-16 11:16 --------- d-----w C:\Program Files\Windows Media Components
    2007-11-16 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2007-11-16 11:14 --------- d-----w C:\Program Files\Ulead Systems
    2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\SONY Digital Images
    2007-11-16 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-11-16 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Canopus
    2007-11-16 11:05 --------- d-----w C:\Program Files\DivX
    2007-11-16 11:04 --------- d-----w C:\Program Files\Fichiers communs\Canopus Shared
    2007-11-16 11:04 --------- d-----w C:\Program Files\Canopus
    2007-11-16 11:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-16 10:59 --------- d-----w C:\Program Files\nfoViewer
    2007-11-16 10:50 --------- d-----w C:\Program Files\Kerio
    2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-16 10:46 --------- d-----w C:\Program Files\Inachis
    2007-11-16 10:20 --------- d-----w C:\Program Files\Dell
    2007-11-16 10:16 --------- d-----w C:\Program Files\Intel
    2007-11-16 10:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Logitech
    2007-11-16 10:13 --------- d-----w C:\Program Files\SetPoint
    2007-11-16 10:13 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2007-11-16 10:11 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-11-16 10:11 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2007-11-16 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
    2007-11-16 10:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\Intel
    2007-11-16 10:10 --------- d-----w C:\Program Files\Broadcom
    2007-11-16 10:08 --------- d-----w C:\Program Files\Synaptics
    2007-11-16 10:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-16 10:05 --------- d-----w C:\Program Files\CONEXANT
    2007-11-16 10:03 --------- d-----w C:\Program Files\SigmaTel
    2007-11-16 09:57 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-16 09:56 --------- d-----w C:\Program Files\Services en ligne
    2007-11-16 09:55 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FB1156-70AC-4258-AF4B-FFC0B450B81C}]
    2008-01-13 20:26 83968 --a------ c:\windows\system32\cmutilk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E8C2FE-D1AD-4E0D-B494-62B2EBD206ED}]
    2004-08-19 17:08 83968 --a------ C:\WINDOWS\system32\dpnlobbyr.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 21:17 177152]
    "yp66odyiz"="C:\WINDOWS\system32\yp66odyiz.exe" [ ]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-14 11:40 5304320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 12:17 282624 C:\WINDOWS\stsystra.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:38 7118848]
    "nwiz"="nwiz.exe" [2005-12-14 20:38 1519616 C:\WINDOWS\system32\nwiz.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 10:45 839680]
    "ShowLOMControl"="1 (0x1)" []
    "NexusServer"="C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 01:41 188416]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 00:01 155648]
    "WD Button Manager"="WDBtnMgr.exe" [2007-11-16 12:46 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 13:28 196608]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-25 23:10 185896]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 16:38 28160 C:\WINDOWS\KHALMNPR.Exe]
    "yp66odyiz"="C:\WINDOWS\system32\yp66odyiz.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-12 10:34 579072]
    "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-12 10:34 406528]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-12 11:07 1816208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-12 10:34 219136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 12:24 341]
    "nlsf"="cmd.exe" [2004-08-19 17:09 400896 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    R0 wghwufgi;wghwufgi;C:\WINDOWS\system32\drivers\vlqasnuj.dat []
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
    R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
    S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-09 10:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 20:37:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-13 20:40:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-13 19:40:29
13 January 2008 19:18:00

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    Driver::
    wghwufgi

    Rootkit::
    c:\windows\system32\cmutilk.dll
    C:\WINDOWS\system32\dpnlobbyr.dll

    File::
    C:\WINDOWS\system32\idmkahmt.dat
    C:\WINDOWS\system32\eorrkkxy.dat
    C:\WINDOWS\system32\wfzcvxhd.dat
    C:\WINDOWS\system32\mhcmqlby.dat
    C:\WINDOWS\system32\jvgjgzbr.dat
    C:\WINDOWS\system32\drivers\vlqasnuj.dat
    C:\WINDOWS\system32\yp66odyiz.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FB1156-70AC-4258-AF4B-FFC0B450B81C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E8C2FE-D1AD-4E0D-B494-62B2EBD206ED}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "yp66odyiz"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "yp66odyiz"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    14 January 2008 04:13:36
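A defender-side triage heuristic for the kind of entries the reports in this thread show: the `wghwufgi` driver whose image is a `.dat` file with no timestamp, and the `yp66odyiz` Run entry pointing straight into system32. This is an added Python example, not code from the thread, ComboFix or HijackThis; the sample lines are constructed to match the report formats quoted above, and the scoring rules and threshold are my own assumptions, not a published signature.

```python
import re
from typing import List, Tuple

# Service lines as ComboFix prints them: "R0 name;display name;image path [timestamp]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$')
# Run-key lines as Fixwareout/ComboFix dump them: "name"="command" (.reg-style escaping)
RUNKEY_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXECUTABLE_EXTS = ('.sys', '.exe', '.dll')

# Constructed sample lines modelled on the entries quoted in this thread.
SAMPLE_SERVICE_LINES = [
    r'R0 wghwufgi;wghwufgi;C:\WINDOWS\system32\drivers\vlqasnuj.dat []',
    r'R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]',
    r'R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]',
    r'S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]',
]
SAMPLE_RUN_LINES = [
    r'"SigmatelSysTrayApp"="stsystra.exe"',
    r'"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"',
    r'"nwiz"="nwiz.exe /installquiet"',
    r'"yp66odyiz"="C:\\WINDOWS\\system32\\yp66odyiz.exe"',
]


def looks_random(name: str) -> bool:
    """Crude check for generated names such as 'wghwufgi': seven or more
    lowercase letters with a low vowel ratio. Legitimate names sometimes
    trip this too, so it is only one signal among several."""
    if not re.fullmatch(r'[a-z]{7,}', name):
        return False
    vowels = sum(ch in 'aeiouy' for ch in name)
    return vowels / len(name) < 0.35


def unescape_reg(value: str) -> str:
    """Undo the .reg-style escaping used in the dumps ('\\\\' and '\\"')."""
    return value.replace('\\\\', '\\').replace('\\"', '"')


def stem_of(command: str) -> str:
    """Lowercase file name without extension, ignoring quotes and arguments."""
    path = command.strip().strip('"').split('"')[0]
    base = re.split(r'[\\/]', path)[-1]
    return re.sub(r'\.[^.]*$', '', base).lower()


def score_service(line: str) -> Tuple[str, int, List[str]]:
    """Score one driver/service line; returns (service name, score, reasons)."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return ('', 0, [])
    _start, name, display, image, stamp = m.groups()
    reasons = []
    if not image.lower().endswith(EXECUTABLE_EXTS):
        reasons.append('driver image is not .sys/.exe/.dll')
    if stamp == '':
        reasons.append('no timestamp (image missing or hidden)')
    if display == name:
        reasons.append('display name equals service name')
    if looks_random(name) or looks_random(stem_of(image)):
        reasons.append('random-looking name')
    return (name, len(reasons), reasons)


def score_runkey(line: str) -> Tuple[str, int, List[str]]:
    """Score one Run-key line; returns (value name, score, reasons)."""
    m = RUNKEY_RE.match(line.strip())
    if not m:
        return ('', 0, [])
    name, command = m.group(1), unescape_reg(m.group(2))
    stem = stem_of(command)
    reasons = []
    if re.search(r'\\system32\\[^\\]+\.exe', command, re.I):
        reasons.append('executable dropped directly in system32')
    if stem == name.lower():
        reasons.append('value name equals file name')
    if looks_random(stem) or re.search(r'[a-z]\d|\d[a-z]', stem):
        reasons.append('random-looking file name')
    return (name, len(reasons), reasons)


def triage(lines: List[str], threshold: int = 2) -> List[Tuple[str, int, List[str]]]:
    """Return the entries whose score reaches the (assumed) threshold."""
    findings = []
    for line in lines:
        name, score, reasons = score_service(line)
        if not name:
            name, score, reasons = score_runkey(line)
        if name and score >= threshold:
            findings.append((name, score, reasons))
    return findings


if __name__ == '__main__':
    for name, score, reasons in triage(SAMPLE_SERVICE_LINES + SAMPLE_RUN_LINES):
        print(f'{name}: score {score} -> {"; ".join(reasons)}')
```

On the constructed samples only the `wghwufgi` driver and the `yp66odyiz` Run value cross the threshold; a hit is a reason to look at the file, not proof of infection.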

    OK, here is the combofix report:


    ComboFix 08-01-09.2 - Admin 2008-01-14 6:59:53.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1546 [GMT 1:00]
    Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Admin\Bureau\CFScript.txt..txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\drivers\vlqasnuj.dat
    C:\WINDOWS\system32\eorrkkxy.dat
    C:\WINDOWS\system32\idmkahmt.dat
    C:\WINDOWS\system32\jvgjgzbr.dat
    C:\WINDOWS\system32\mhcmqlby.dat
    C:\WINDOWS\system32\wfzcvxhd.dat
    C:\WINDOWS\system32\yp66odyiz.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cmutilk.dll
    C:\WINDOWS\system32\dpnlobbyr.dll
    C:\WINDOWS\system32\drivers\vlqasnuj.dat
    C:\WINDOWS\system32\eorrkkxy.dat
    C:\WINDOWS\system32\idmkahmt.dat
    C:\WINDOWS\system32\jvgjgzbr.dat
    C:\WINDOWS\system32\mhcmqlby.dat
    C:\WINDOWS\system32\wfzcvxhd.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SEDWDXVX
    -------\LEGACY_WGHWUFGI
    -------\sedwdxvx
    -------\wghwufgi


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-13 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-12 11:01 . 2008-01-13 15:15 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-01-12 00:54 . 2008-01-12 00:54 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
    2008-01-12 00:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-12 00:09 . 2008-01-12 00:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-12 00:04 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
    2008-01-12 00:04 . 2008-01-12 00:14 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-11 20:20 . 2007-11-16 10:53 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-11 20:20 . 2007-11-16 11:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-01-11 20:20 . 2007-11-16 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-11 20:20 . 2008-01-12 00:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-11 19:28 . 2008-01-11 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-11 18:54 . 2008-01-11 18:54 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-01-11 18:54 . 2008-01-11 18:54 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2008-01-11 17:54 . 2008-01-11 18:50 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
    2008-01-10 00:00 . 2008-01-10 00:16 64,309 --a------ C:\PokerStars.log.0
    2008-01-08 11:06 . 2008-01-08 11:06 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Canon
    2008-01-08 11:05 . 2005-07-26 13:44 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Program Files\Canon
    2008-01-08 10:53 . 2008-01-08 10:53 <REP> d-------- C:\Documents and Settings\Admin\WINDOWS
    2008-01-08 10:53 . 2002-05-14 11:57 305,664 --a------ C:\WINDOWS\IsUninst.exe
    2008-01-08 10:52 . 2002-04-12 20:23 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
    2008-01-08 10:52 . 2001-04-11 02:10 327,740 --a------ C:\WINDOWS\system32\UCS32P.DLL
    2008-01-08 10:52 . 2002-04-26 18:37 32,768 --a------ C:\WINDOWS\system32\CNQU70.DLL
    2008-01-04 10:59 . 2005-07-26 13:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-04 10:59 . 2005-07-26 13:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-04 10:59 . 2005-07-26 13:43 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-04 10:59 . 2005-07-26 13:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-03 13:37 . 2008-01-03 15:16 295 --a------ C:\WINDOWS\MindMan.INI
    2008-01-03 09:17 . 2005-07-26 13:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2008-01-03 09:17 . 2005-07-26 13:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2008-01-03 09:17 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2008-01-03 09:17 . 2005-07-26 13:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-25 23:10 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-12-25 23:09 . 2007-12-25 23:09 <REP> d-------- C:\Program Files\Real
    2007-12-25 23:09 . 2007-12-25 23:10 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2007-12-21 00:37 . 2008-01-14 06:51 <REP> d-------- C:\Program Files\eMule
    2007-12-17 13:03 . 2001-11-30 16:49 1,335,648 --a------ C:\WINDOWS\system32\Sbe6_32.dll
    2007-12-17 13:03 . 2001-06-20 19:21 1,056,768 --a------ C:\WINDOWS\system32\RoboEx32.dll
    2007-12-17 13:03 . 2001-11-30 16:49 558,656 --a------ C:\WINDOWS\system32\Sb6ent.ocx
    2007-12-17 13:03 . 2001-11-30 16:49 329,423 --a------ C:\WINDOWS\system32\Sbe6_000.hlp
    2007-12-17 13:03 . 2001-11-30 16:49 102,400 --a------ C:\WINDOWS\system32\Sbe6@fra.dll
    2007-12-17 13:03 . 2001-06-20 19:21 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
    2007-12-17 13:03 . 2001-11-30 16:49 6,537 --a------ C:\WINDOWS\system32\Sbe6_000.cnt
    2007-12-17 08:35 . 2007-12-17 08:35 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
    2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-14 06:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
    2008-01-13 23:00 --------- d-----w C:\Program Files\PokerStars
    2008-01-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
    2007-12-30 21:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\TribalWeb
    2007-12-11 08:20 --------- d-----w C:\Program Files\hp deskjet 845c series
    2007-12-11 08:18 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-09 13:12 --------- d-----w C:\Program Files\FileZilla
    2007-12-06 22:14 --------- d-----w C:\Program Files\QuickTime
    2007-12-06 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-06 14:23 --------- d-----w C:\Program Files\PowerPoint Viewer
    2007-12-05 18:37 --------- d-----w C:\Program Files\Panasonic P2
    2007-12-04 17:53 28,912 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-30 19:57 --------- d-----w C:\Program Files\TribalWeb.net
    2007-11-29 18:07 --------- d-----w C:\Program Files\Winamp
    2007-11-29 17:47 --------- d-----w C:\Program Files\uTorrent
    2007-11-26 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-26 09:03 --------- d-----w C:\Program Files\Avid
    2007-11-26 09:02 --------- d-----w C:\Program Files\SafeNet Sentinel
    2007-11-26 09:01 --------- d-----w C:\Program Files\Fichiers communs\Avid
    2007-11-26 08:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-26 08:40 --------- d-----w C:\Program Files\RegCleaner
    2007-11-26 08:39 --------- d-----w C:\Program Files\QuickTime(2)
    2007-11-26 08:39 --------- d-----w C:\Program Files\Avid(3)
    2007-11-26 08:39 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-26 08:36 --------- d-----w C:\Program Files\Avid(2)
    2007-11-19 07:03 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
    2007-11-19 07:01 --------- d-----w C:\Program Files\Fichiers communs\SafeNet Sentinel
    2007-11-19 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-11-19 06:38 --------- d-----w C:\Program Files\Mindjet
    2007-11-17 21:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\vlc
    2007-11-17 21:34 --------- d-----w C:\Program Files\VideoLAN
    2007-11-16 11:47 --------- d-----w C:\Program Files\Western Digital Technologies
    2007-11-16 11:47 --------- d-----w C:\Program Files\My Book
    2007-11-16 11:46 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
    2007-11-16 11:22 --------- d-----w C:\Documents and Settings\Admin\Application Data\Canopus
    2007-11-16 11:19 --------- d-----w C:\Program Files\VERITAS Software
    2007-11-16 11:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\VERITAS
    2007-11-16 11:16 --------- d-----w C:\Program Files\Windows Media Components
    2007-11-16 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2007-11-16 11:14 --------- d-----w C:\Program Files\Ulead Systems
    2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-11-16 11:14 --------- d-----w C:\Program Files\Fichiers communs\SONY Digital Images
    2007-11-16 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-11-16 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Canopus
    2007-11-16 11:05 --------- d-----w C:\Program Files\DivX
    2007-11-16 11:04 --------- d-----w C:\Program Files\Fichiers communs\Canopus Shared
    2007-11-16 11:04 --------- d-----w C:\Program Files\Canopus
    2007-11-16 11:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-16 10:59 --------- d-----w C:\Program Files\nfoViewer
    2007-11-16 10:50 --------- d-----w C:\Program Files\Kerio
    2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-16 10:49 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-16 10:46 --------- d-----w C:\Program Files\Inachis
    2007-11-16 10:20 --------- d-----w C:\Program Files\Dell
    2007-11-16 10:16 --------- d-----w C:\Program Files\Intel
    2007-11-16 10:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Logitech
    2007-11-16 10:13 --------- d-----w C:\Program Files\SetPoint
    2007-11-16 10:13 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2007-11-16 10:11 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-11-16 10:11 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2007-11-16 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
    2007-11-16 10:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\Intel
    2007-11-16 10:10 --------- d-----w C:\Program Files\Broadcom
    2007-11-16 10:08 --------- d-----w C:\Program Files\Synaptics
    2007-11-16 10:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-16 10:05 --------- d-----w C:\Program Files\CONEXANT
    2007-11-16 10:03 --------- d-----w C:\Program Files\SigmaTel
    2007-11-16 09:57 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-16 09:56 --------- d-----w C:\Program Files\Services en ligne
    2007-11-16 09:55 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-13_20.40.01.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-13 19:24:07 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-14 05:59:36 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-13 19:24:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-14 05:59:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-13 19:24:08 3,342,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    + 2008-01-14 05:59:36 3,354,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    - 2008-01-13 19:24:08 65,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-14 05:59:37 65,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-13 19:24:08 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-14 05:59:37 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-13 19:24:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-14 05:59:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 21:17 177152]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-14 11:40 5304320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 12:17 282624 C:\WINDOWS\stsystra.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:38 7118848]
    "nwiz"="nwiz.exe" [2005-12-14 20:38 1519616 C:\WINDOWS\system32\nwiz.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 10:45 839680]
    "ShowLOMControl"="1 (0x1)" []
    "NexusServer"="C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 01:41 188416]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 00:01 155648]
    "WD Button Manager"="WDBtnMgr.exe" [2007-11-16 12:46 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 13:28 196608]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-25 23:10 185896]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 16:38 28160 C:\WINDOWS\KHALMNPR.Exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-12 10:34 579072]
    "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-12 10:34 406528]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-12 11:07 1816208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-12 10:34 219136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 12:24 341]
    "nlsf"="cmd.exe" [2004-08-19 17:09 400896 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
    R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
    S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-09 10:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 07:03:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-14 7:06:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-14 06:06:21
    ComboFix2.txt 2008-01-13 19:40:34





    Now here is the Hijackthis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:11:05, on 14/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\AvidSDMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\p2csvc.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ShowLOMControl]
    O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: e-Backup 1.42 Scheduler.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: P2 Card Manager.lnk = C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 8556 bytes


    Thank you.
    14 January 2008 17:51:17

    Is it better?
    14 January 2008 17:59:10

    No more apparent problem, great!
    Nothing suspicious left?
    A huge thank you to you in any case!!!
    14 January 2008 18:11:38

    It's OK I think :)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so you no longer have this kind of problem, by clicking on the image below:
