Sa l'fé pas : virus et hôtes indésirables...

3 ème étape :

Le rapport Hijackthis après redémarrage suite MBAM.

Quel est ton verdict ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:41, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Documents and Settings\Bénédicte\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {C6124AE6-C65E-4C2C-80C6-BA46C01A632E} - C:\WINDOWS\system32\eFwXnMFy.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: zpmayt.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Bonsoir,

Ci-joint le rapport Combofix :

ComboFix 08-12-16.03 - HP_Administrateur 2008-12-17 19:27:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1535.905 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\C-Fix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\perfect codec
c:\windows\system32\vfeicq.dll
c:\windows\system32\wyilqasw.ini
c:\windows\system32\yFMnXwFe.ini
c:\windows\system32\yFMnXwFe.ini2
c:\windows\system32\yiybhcmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.

2008-12-16 00:11 . 2008-12-16 00:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 00:11 . 2008-12-16 00:11 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2008-12-16 00:11 . 2008-12-16 00:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 00:11 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 00:11 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 23:50 . 2008-12-15 23:50 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-15 23:46 . 2008-12-15 23:46 <REP> d-------- c:\windows\ERUNT
2008-12-15 23:40 . 2008-12-16 00:04 <REP> d-------- C:\SDFix
2008-12-15 22:28 . 2008-12-15 22:28 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 06:19 . 2008-12-15 20:50 <REP> d-------- c:\program files\Navilog1
2008-12-14 21:49 . 2008-12-14 21:49 <REP> d-------- c:\windows\system32\bits
2008-12-14 21:49 . 2008-12-14 21:49 <REP> d-------- c:\windows\l2schemas
2008-12-14 21:46 . 2008-12-14 21:49 <REP> d-------- c:\windows\ServicePackFiles
2008-12-14 18:41 . 2008-12-14 18:41 <REP> d-------- c:\program files\Trend Micro
2008-12-14 01:23 . 2008-12-14 01:23 148,018 --a------ C:\mps32.exe
2008-12-02 18:45 . 2008-12-03 16:40 <REP> d-------- c:\program files\eMule
2008-11-29 16:58 . 2008-11-29 16:58 <REP> d-------- c:\program files\iPod
2008-11-29 16:58 . 2008-11-29 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 21:28 --------- d-----w c:\program files\Java
2008-11-29 17:43 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Skype
2008-11-29 15:59 --------- d-----w c:\program files\iTunes
2008-11-29 15:58 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-29 15:53 --------- d-----w c:\program files\QuickTime
2008-11-29 15:36 --------- d-----w c:\program files\Safari
2008-11-05 04:44 --------- d-----w c:\program files\SmartTrak
2008-11-04 21:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 21:29 --------- d-----w c:\program files\Philips
2008-11-02 18:18 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Apple Computer
2008-10-31 06:05 --------- d-----w c:\program files\Easy Internet signup
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2005-08-11 18:54 10,958,640 ----a-w c:\program files\GoogleEarth.exe
2005-06-27 13:06 44,332 ----a-w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2005-05-29 13:19 70,992 ----a-w c:\documents and settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 11:43 90,112 ----a-w c:\documents and settings\Bénédicte\PRouter.dll
2005-02-11 11:41 94,208 ----a-w c:\documents and settings\Bénédicte\DATELANG.DLL
2005-02-11 11:40 61,440 ----a-w c:\documents and settings\Bénédicte\PDCMLang.dll
2005-02-11 11:40 61,440 ----a-w c:\documents and settings\Bénédicte\PDCMLang.dll
2005-02-11 11:40 32,768 ----a-w c:\documents and settings\Bénédicte\IEXPLang.dll
2005-02-11 11:40 32,768 ----a-w c:\documents and settings\Bénédicte\IEXPLang.dll
2005-02-11 11:40 24,576 ----a-w c:\documents and settings\Bénédicte\TABLLang.dll
2005-02-11 11:40 24,576 ----a-w c:\documents and settings\Bénédicte\TABLLang.dll
2005-01-26 13:28 69,745 ----a-w c:\documents and settings\Bénédicte\HotSyncWizard.exe
2005-01-26 13:28 69,745 ----a-w c:\documents and settings\Bénédicte\HotSyncWizard.exe
2005-01-26 13:27 401,408 ----a-w c:\documents and settings\Bénédicte\HSWizardRes.dll
2005-01-26 13:27 401,408 ----a-w c:\documents and settings\Bénédicte\HSWizardRes.dll
2005-01-25 07:48 204,800 ----a-w c:\documents and settings\Bénédicte\Photos.dll
2005-01-25 07:48 204,800 ----a-w c:\documents and settings\Bénédicte\Photos.dll
2005-01-07 14:36 32,768 ----a-w c:\documents and settings\Bénédicte\SyncDlgN20.dll
2005-01-07 14:36 32,768 ----a-w c:\documents and settings\Bénédicte\SyncDlgN20.dll
2005-01-05 08:51 65,536 ----a-w c:\documents and settings\Bénédicte\SgThemes.dll
2005-01-05 08:51 65,536 ----a-w c:\documents and settings\Bénédicte\SgThemes.dll
2005-01-05 08:51 307,280 ----a-w c:\documents and settings\Bénédicte\SgUI.dll
2005-01-05 08:51 307,280 ----a-w c:\documents and settings\Bénédicte\SgUI.dll
2005-01-05 08:51 270,336 ----a-w c:\documents and settings\Bénédicte\SgPalmShare.dll
2005-01-05 08:51 270,336 ----a-w c:\documents and settings\Bénédicte\SgPalmShare.dll
2004-12-24 05:51 28,672 ----a-w c:\documents and settings\Bénédicte\SgLangTables.dll
2004-12-24 05:51 28,672 ----a-w c:\documents and settings\Bénédicte\SgLangTables.dll
2004-12-24 05:39 77,824 ----a-w c:\documents and settings\Bénédicte\SgTasksCn.dll
2004-12-24 05:39 77,824 ----a-w c:\documents and settings\Bénédicte\SgTasksCn.dll
2004-12-20 05:39 196,608 ----a-w c:\documents and settings\Bénédicte\SgTables.dll
2004-12-20 05:39 196,608 ----a-w c:\documents and settings\Bénédicte\SgTables.dll
2004-11-22 14:27 794,624 ----a-w c:\documents and settings\Bénédicte\EzDll.dll
2004-11-22 14:27 794,624 ----a-w c:\documents and settings\Bénédicte\EzDll.dll
2004-11-11 14:28 348,160 ----a-w c:\documents and settings\Bénédicte\EXIF.DLL
2004-11-11 14:28 348,160 ----a-w c:\documents and settings\Bénédicte\EXIF.DLL
2004-10-29 10:28 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangTasksCn.dll
2004-10-29 10:28 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangTasksCn.dll
2004-10-29 10:28 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangNotesCn.dll
2004-10-29 10:28 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangNotesCn.dll
2004-10-29 10:28 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangCalendarCn.dll
2004-10-29 10:28 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangCalendarCn.dll
2004-10-29 10:26 36,864 ----a-w c:\documents and settings\Bénédicte\ocpLangContactsOL.dll
2004-10-29 10:25 86,016 ----a-w c:\documents and settings\Bénédicte\ocpNotifier.dll
2004-10-29 10:24 425,984 ----a-w c:\documents and settings\Bénédicte\ocpContactsOL.dll
2004-10-29 10:24 425,984 ----a-w c:\documents and settings\Bénédicte\ocpContactsOL.dll
2004-10-29 10:24 245,760 ----a-w c:\documents and settings\Bénédicte\ocpCalendarOL.dll
2004-10-29 10:24 245,760 ----a-w c:\documents and settings\Bénédicte\ocpCalendarOL.dll
2004-10-29 10:24 143,360 ----a-w c:\documents and settings\Bénédicte\ocpConduitUI.dll
2004-10-29 10:24 143,360 ----a-w c:\documents and settings\Bénédicte\ocpConduitUI.dll
2004-10-29 10:24 131,072 ----a-w c:\documents and settings\Bénédicte\ocpCalendarHH.dll
2004-10-29 10:24 131,072 ----a-w c:\documents and settings\Bénédicte\ocpCalendarHH.dll
2004-10-29 10:24 114,688 ----a-w c:\documents and settings\Bénédicte\ocpCalendarCn.dll
2004-10-29 10:24 114,688 ----a-w c:\documents and settings\Bénédicte\ocpCalendarCn.dll
2004-10-29 10:23 94,208 ----a-w c:\documents and settings\Bénédicte\ocpHHDbWrapper.dll
2004-10-29 10:23 94,208 ----a-w c:\documents and settings\Bénédicte\ocpHHDbWrapper.dll
2004-10-29 10:23 24,576 ----a-w c:\documents and settings\Bénédicte\ocpProgressBar.dll
2004-10-29 10:23 24,576 ----a-w c:\documents and settings\Bénédicte\ocpProgressBar.dll
2004-10-29 10:23 184,320 ----a-w c:\documents and settings\Bénédicte\ocpSyncClient.dll
2004-10-29 10:23 184,320 ----a-w c:\documents and settings\Bénédicte\ocpSyncClient.dll
2004-10-29 10:23 172,032 ----a-w c:\documents and settings\Bénédicte\ocpContactsHH.dll
2004-10-29 10:23 172,032 ----a-w c:\documents and settings\Bénédicte\ocpContactsHH.dll
2004-10-29 10:23 114,688 ----a-w c:\documents and settings\Bénédicte\ocpContactsCn.dll
2004-10-29 10:23 114,688 ----a-w c:\documents and settings\Bénédicte\ocpContactsCn.dll
2004-06-09 12:15 307,200 ----a-w c:\documents and settings\Bénédicte\ComStandard.dll
2004-06-09 12:15 307,200 ----a-w c:\documents and settings\Bénédicte\ComStandard.dll
2004-06-09 12:15 147,456 ----a-w c:\documents and settings\Bénédicte\ComDirect.dll
2004-06-09 12:15 147,456 ----a-w c:\documents and settings\Bénédicte\ComDirect.dll
2004-06-09 12:15 131,072 ----a-w c:\documents and settings\Bénédicte\DmConduit.dll
2004-06-09 12:15 131,072 ----a-w c:\documents and settings\Bénédicte\DmConduit.dll
2004-06-09 12:15 131,072 ----a-w c:\documents and settings\Bénédicte\ComConduit.dll
2004-06-09 12:15 131,072 ----a-w c:\documents and settings\Bénédicte\ComConduit.dll
2004-06-09 12:09 5,120 ----a-w c:\documents and settings\Bénédicte\CMGRLANG.dll
2004-06-09 12:09 5,120 ----a-w c:\documents and settings\Bénédicte\CMGRLANG.dll
2004-06-09 11:49 65,536 ----a-w c:\documents and settings\Bénédicte\PSITzLib.dll
2004-06-09 11:49 65,536 ----a-w c:\documents and settings\Bénédicte\PSITzLib.dll
2004-06-09 11:29 81,920 ----a-w c:\documents and settings\Bénédicte\InterOp.PDStandardLib.Dll
2004-06-09 11:29 81,920 ----a-w c:\documents and settings\Bénédicte\InterOp.PDStandardLib.Dll
2004-06-09 11:29 45,056 ----a-w c:\documents and settings\Bénédicte\InterOp.PSDConduitLib.Dll
2004-06-09 11:29 45,056 ----a-w c:\documents and settings\Bénédicte\InterOp.PSDConduitLib.Dll
2004-06-09 11:29 45,056 ----a-w c:\documents and settings\Bénédicte\InterOp.PDDirectLib.Dll
2004-06-09 11:29 45,056 ----a-w c:\documents and settings\Bénédicte\InterOp.PDDirectLib.Dll
2004-06-09 11:29 32,768 ----a-w c:\documents and settings\Bénédicte\InterOp.DMCONDUITLib.Dll
2004-06-09 11:29 32,768 ----a-w c:\documents and settings\Bénédicte\InterOp.DMCONDUITLib.Dll
2004-06-09 11:28 90,181 ----a-w c:\documents and settings\Bénédicte\Subs30.dll
2004-06-09 11:28 90,181 ----a-w c:\documents and settings\Bénédicte\Subs30.dll
2004-06-09 11:28 315,392 ----a-w c:\documents and settings\Bénédicte\Pdcmn22.dll
2004-06-09 11:28 315,392 ----a-w c:\documents and settings\Bénédicte\Pdcmn22.dll
2004-06-09 11:28 299,008 ----a-w c:\documents and settings\Bénédicte\pdcmn21.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-16 1831936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 68856]
"Acme.PCHButton"="c:\progra~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\PCHButton.exe" [2004-01-01 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 94208]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"CTHelper"="CTHELPER.EXE" [2003-11-14 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMS"="c:\program files\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="c:\program files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 c:\windows\MIDIDEF.EXE]

c:\documents and settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
PowerReg Scheduler.exe [2005-03-06 233472]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-10-02 1183744]
HotSync Manager.lnk - c:\documents and settings\B‚n‚dicte\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-06-06 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zpmayt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\SIERRA\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\SIERRA\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-25 111184]
R1 GhPciScan;GhostPciScanner;\??\c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-25 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2006-09-08 161792]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\DRIVERS\PCTELSAP.SYS [2004-01-01 350282]
S3 uir1100a;UIR1100A;c:\windows\system32\DRIVERS\uir1100a.sys [2006-10-02 31048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99c0859f-e883-11d9-9039-00112fa68014}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{C6124AE6-C65E-4C2C-80C6-BA46C01A632E} - c:\windows\system32\eFwXnMFy.dll
HKCU-Run-CanalPlayer - c:\program files\Lecteur CANALPLAY\CanalPlayer.exe
HKLM-Run-VTTimer - VTTimer.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.neufportail.fr/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Trusted Zone: *.canalplay.com
Trusted Zone: *.canalplusactive.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 20:20:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\Symantec\NORTON~1\GHOSTS~2.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehmsas.exe
c:\documents and settings\Bénédicte\Hotsync.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Heure de fin: 2008-12-17 20:24:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-17 19:24:50

Avant-CF: 152 643 629 056 octets libres
Après-CF: 152,891,858,944 octets libres

298 --- E O F --- 2008-12-16 02:01:48

Bonsoir,

je reviens plus en détail sur ces instructions, et ai besoin d'un petit complément d'info :
1- j'utilise la barre Google, pas les autres ; comment fait-on pour les désinstaller ?
2- Avast : tu précises de supprimer d'abord les éléments en quarantaine ; coment fait-on (voit aucune commande dans ce sens en cliquant sur les icônes Avast dans la barre de tâche)
3- Hijacksthis : que veux-tu dire exactement par "coche ces lignes" ?

Désolé de ces questions naïves, mais ce points ne m'apparaissent pas clairs.

Prends ton temps, et fais tout dans l'ordre.
Attention à ne pas faire de restauration du système avant d'avoir supprimé les anciens points de restauration infectés ! Et ne reste pas non plus trop longtemps comme ça, il y a pas mal de failles de sécurité sur ton ordinateur...

La plupart des programmes de désinfections ne peuvent pas se mettre à jour, donc même si ton ordinateur est à nouveau infecté, tu ne pourras pas les réutiliser puisqu'ils ne seront plus à jour. Et comme ils peuvent être dangereux s'ils sont mal utilisés, autant les supprimer maintenant ;)