Virus IE8 - Google

voila :
Rapport GenProc 2.640 [1] - 21/10/2009 à 19:13:44
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 (Team IDN) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Pierre-Yves *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Lance Toolbar-S&D situé sur le Bureau. Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport TB.txt situé dans C:\ ;
- Un nouveau rapport HijackThis https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.640 21/10/2009 à 19:14:44
Toolbar:le 21/10/2009 à 19:16:00 "C:\Documents and Settings\Pierre-Yves\Application Data\Search Settings"

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 19:16:19 ~~

narco, voila le resultat:

Rapport TB:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Pierre-Yves ( Administrator )
BOOT : Fail-safe boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:24 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 21/10/2009|19:41 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\KaZaA\Db
Supprime! - C:\Program Files\KaZaA\My Shared Folder
Supprime! - C:\Program Files\Need2Find\bar
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-03414D9F.pf
Supprime! - C:\DOCUME~1\PIERRE~1\APPLIC~1\Search Settings\kb128
Supprime! - C:\Program Files\KaZaA
Supprime! - C:\Program Files\Need2Find
Supprime! - C:\DOCUME~1\PIERRE~1\APPLIC~1\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/10/2009|19:44 - Option : [2]

-----------\\ Fin du rapport a 19:44:48,70

Rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:22, on 21/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: 89.149.210.109 www.google.com
O1 - Hosts: 89.149.210.109 www.google.de
O1 - Hosts: 89.149.210.109 www.google.fr
O1 - Hosts: 89.149.210.109 www.google.co.uk
O1 - Hosts: 89.149.210.109 www.google.com.br
O1 - Hosts: 89.149.210.109 www.google.it
O1 - Hosts: 89.149.210.109 www.google.es
O1 - Hosts: 89.149.210.109 www.google.co.jp
O1 - Hosts: 89.149.210.109 www.google.com.mx
O1 - Hosts: 89.149.210.109 www.google.ca
O1 - Hosts: 89.149.210.109 www.google.com.au
O1 - Hosts: 89.149.210.109 www.google.nl
O1 - Hosts: 89.149.210.109 www.google.co.za
O1 - Hosts: 89.149.210.109 www.google.be
O1 - Hosts: 89.149.210.109 www.google.gr
O1 - Hosts: 89.149.210.109 www.google.at
O1 - Hosts: 89.149.210.109 www.google.se
O1 - Hosts: 89.149.210.109 www.google.ch
O1 - Hosts: 89.149.210.109 www.google.pt
O1 - Hosts: 89.149.210.109 www.google.dk
O1 - Hosts: 89.149.210.109 www.google.fi
O1 - Hosts: 89.149.210.109 www.google.ie
O1 - Hosts: 89.149.210.109 www.google.no
O1 - Hosts: 89.149.210.109 search.yahoo.com
O1 - Hosts: 89.149.210.109 us.search.yahoo.com
O1 - Hosts: 89.149.210.109 uk.search.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [\\ACER-73356C3771\EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P44 "\\ACER-73356C3771\EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ARCGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

un peu long le scan..... par contre il semble qu'il n'ait rien trouvé :

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=c3bf95adf5a27142bb5d2ab1b7bc7264
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-21 08:00:16
# local_time=2009-10-21 10:00:16 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1367 1367 0 0
# compatibility_mode=1024 16777175 100 0 1670837 1670837 0 0
# compatibility_mode=8192 67108863 100 0 1065 1065 0 0
# scanned=126773
# found=0
# cleaned=0
# scan_time=5390

rien de 9

qd je lance IE avec google comme page d'acceuil, il m'affiche un page blanche. Si je tape l'adresse de google.fr il ne veut pas l'ouvrir. Si je fait une recherche google via la barre d'outil et que je clic sur un des liens proposés il m'ouvre une page qui n'a rien à voir....

je sais plus quoi faire !!!

t'aurai pas une autre proposition s'il te plait. En plus ca tombe tres mal car je cherche en ce moment du boulot.....

je sais pas si tu sais ms ton logiciel est corrompu !! il affiche lui meme une fenetre disant qu'il contient un virus...... Que faire?

je sais pas si tu y es pour qlq chose mais apres deuxieme tentative j'ai pu lancer combofix avec succes. Le rapport suit : (j'en fait koi?)

ComboFix 09-10-20.03 - Pierre-Yves 22/10/2009 1:38.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.502.224 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pierre-Yves\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\Installer\1ed33c.msi

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-21 au 2009-10-21 ))))))))))))))))))))))))))))))))))))
.

2009-10-21 11:00 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-21 09:06 . 2009-10-21 09:06 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-10-21 08:48 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-21 08:37 . 2009-10-21 08:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-20 23:01 . 2009-10-21 18:07 -------- d-----w- c:\program files\Trend Micro
2009-10-20 21:02 . 2009-10-20 21:02 -------- d-----w- c:\documents and settings\Pierre-Yves\Application Data\Malwarebytes
2009-10-20 21:02 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 21:02 . 2009-10-20 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 21:02 . 2009-10-20 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-20 21:02 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 20:52 . 2009-10-21 20:17 -------- d-----w- c:\program files\Spy Guardian Pro Trial
2009-10-20 11:56 . 2009-10-20 11:56 2198 ----a-w- C:\q3ixUFqb.bat
2009-10-19 08:23 . 2009-10-19 10:12 -------- d-----w- c:\documents and settings\Pierre-Yves\Local Settings\Application Data\WMTools Downloaded Files
2009-10-19 07:37 . 2004-08-03 21:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-10-19 07:37 . 2004-08-03 21:10 51328 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-10-19 07:35 . 2004-08-03 21:10 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2009-10-19 07:35 . 2004-08-03 21:10 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2009-10-19 07:35 . 2004-08-03 21:10 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-10-19 07:35 . 2004-08-03 21:10 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2009-10-14 17:03 . 2009-10-14 17:03 -------- d-----w- c:\program files\EPSON
2009-10-14 10:48 . 2009-10-14 10:49 -------- d-----w- c:\documents and settings\Pierre-Yves\Application Data\pdfforge
2009-10-14 10:27 . 2009-10-21 23:47 -------- d-----w- c:\program files\pdfforge Toolbar
2009-10-14 10:25 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-10-14 10:25 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-10-14 10:25 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-10-14 10:25 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-10-14 10:25 . 2009-10-14 10:36 -------- d-----w- c:\program files\PDFCreator
2009-10-13 08:27 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-13 08:27 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-12 15:26 . 2009-10-21 23:15 -------- d-----w- c:\documents and settings\Pierre-Yves\Tracing
2009-10-12 15:24 . 2009-10-12 15:24 -------- d-----w- c:\program files\Microsoft
2009-10-12 15:23 . 2009-10-12 15:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-12 15:22 . 2009-10-12 15:23 -------- d-----w- c:\program files\Windows Live
2009-10-12 15:20 . 2009-10-12 15:20 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-12 14:05 . 2009-10-12 14:05 -------- d-sh--w- c:\documents and settings\Pierre-Yves\IECompatCache
2009-10-12 14:03 . 2009-10-12 14:03 -------- d-sh--w- c:\documents and settings\Pierre-Yves\PrivacIE
2009-10-12 14:01 . 2009-10-12 14:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-12 14:00 . 2009-10-12 14:00 -------- d-sh--w- c:\documents and settings\Pierre-Yves\IETldCache
2009-10-12 13:22 . 2009-10-13 08:25 -------- d-----w- c:\windows\ie8updates
2009-10-12 13:19 . 2009-10-12 13:22 -------- dc-h--w- c:\windows\ie8
2009-10-12 13:19 . 2009-10-12 13:21 -------- d-----w- c:\windows\system32\fr-FR
2009-10-12 12:59 . 2009-10-12 12:59 -------- d-----w- c:\windows\ServicePackFiles
2009-10-12 12:09 . 2005-07-26 04:29 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-10-12 12:09 . 2009-03-06 14:00 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-12 12:09 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-12 12:09 . 2009-02-09 10:03 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-12 12:09 . 2009-02-09 10:03 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-12 12:09 . 2009-02-09 10:03 686080 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-12 12:09 . 2009-02-09 09:53 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-12 12:09 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-12 12:09 . 2009-02-09 10:03 740352 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-12 12:08 . 2009-06-21 22:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-12 10:49 . 2008-05-01 14:31 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-12 08:40 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-10-12 08:39 . 2008-12-16 12:49 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-10-12 08:36 . 2008-04-21 21:27 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-12 08:25 . 2009-10-12 08:35 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-02 23:19 . 2009-10-02 23:19 -------- d-----w- c:\documents and settings\Pierre-Yves\Application Data\Media Player Classic
2009-10-02 23:18 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-02 23:18 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-02 23:18 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-02 23:18 . 2009-10-02 23:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-02 11:04 . 2009-10-21 10:25 -------- d-----w- C:\$AVG8.VAULT$
2009-10-02 10:23 . 2009-10-02 10:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-02 10:23 . 2009-10-02 10:23 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-02 10:23 . 2009-10-02 10:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-02 10:23 . 2009-10-02 10:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-02 10:23 . 2009-10-21 15:29 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-02 10:23 . 2009-10-19 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-02 10:23 . 2009-10-02 10:23 -------- d-----w- c:\program files\AVG
2009-10-02 10:23 . 2009-10-02 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-02 09:17 . 2009-10-02 09:17 -------- d-----w- c:\program files\CCleaner
2009-10-02 08:38 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-02 08:38 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 20:59 . 2008-04-13 17:54 -------- d-----w- c:\program files\Star Alliance Mileage Calculator
2009-10-21 08:36 . 2007-10-02 20:01 -------- d-----w- c:\program files\Lavasoft
2009-10-14 10:46 . 2007-06-07 19:19 -------- d-----w- c:\documents and settings\Pierre-Yves\Application Data\gtk-2.0
2009-10-12 15:26 . 2005-12-22 10:52 75392 ----a-w- c:\documents and settings\Pierre-Yves\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 14:04 . 2005-09-16 06:23 64930 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-12 14:04 . 2005-09-16 06:23 448428 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-11 16:34 . 2007-08-06 15:30 -------- d-----w- c:\documents and settings\Pierre-Yves\Application Data\Skype
2009-10-02 08:31 . 2006-07-31 09:00 -------- d-----w- c:\program files\Google
2009-08-06 17:24 . 2005-09-16 06:35 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2005-09-16 06:35 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2005-09-16 06:35 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2005-09-16 06:35 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2005-09-16 06:22 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2005-09-16 06:35 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2005-09-16 06:35 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:06 . 2005-09-16 06:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2005-09-16 06:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2005-09-16 06:23 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077328]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ssdiag"="c:\windows\ssdiag.exe" [2005-05-13 57401]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"\\ACER-73356C3771\EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-12-22 88358]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-08-22 28672]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-12 266240]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Pierre-Yves\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-17 59080]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-02 10:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/10/2009 10:48 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/10/2009 12:23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/10/2009 12:23 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/10/2009 12:23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/10/2009 12:23 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 13:17 1170768]
S2 ARCGIS License Manager;ARCGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [16/02/2006 19:49 467968]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [07/08/2007 17:46 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [07/08/2007 17:46 6272]
.
Contenu du dossier 'Tâches planifiées'

2009-10-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:46]

2005-12-22 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-09-16 10:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-toscdspd - TOSCDSPD.EXE
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 01:48
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-10-21 1:51
ComboFix-quarantined-files.txt 2009-10-21 23:51

Avant-CF: 25 588 207 616 octets libres
Après-CF: 25 568 923 648 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 24B2F2B248CAA9686270A609E5EC0713

merci d'avance