
Let's wipe the slate clean [Solved]


Posted on 02 Sep 2009 10:29

Hello everyone,

My PC is infected!! I have AntiVir + Spyware Doctor. For the past few weeks the AntiVir scan has been crashing, and yesterday Spyware Doctor detected rootkits.

Rather than making things complicated with HijackThis and CCleaner, and given the stealthy threat that rootkits pose, I would prefer to completely format my hard drive, wipe and reinstall Windows and save what can be saved; in short, wipe the slate clean to be sure the threat is gone (well, provided the malware hasn't reached the operating system kernel, I've read some very frightening things about that).

I'm not very good with computers and I wanted to know: what is the step-by-step procedure to completely reset my system? I have an HP laptop running Windows Vista.

Thank you in advance for your reply!
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40
 


Posted on 02 Sep 2009 10:39

Hi,
CCleaner is not an antivirus!!!
However, you can always try running Malwarebytes Anti-Malware and, why not, then run HijackThis and post the generated report here.

Imagine you are formatting your hard drive to reinstall Windows and, bang, it crashes in the middle of the format because of a virus or malware... result: your HDD is dead... in the end, instead of moving forward, you risk going backwards and making things worse!!!
reg35
PC-Infopraticien
Posts: 5816
Joined: 21 Jun 2009 22:30
Location: search in progress, please wait...
 

Posted on 02 Sep 2009 13:17

:o Really? But I did a bit of research on the subject and I'm told that the only hope is to completely restore the machine to get some peace! I didn't think such a scenario was likely... :roll:

Apart from that, I tried removing them with Spyware Doctor, AntiVir and AVG Anti-Rootkit Free, and the files always come back!!!!! :-?

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:30, on 02/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32 askeng.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIDTWDMsttray.exe
C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe
C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe
C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesHewlett-PackardMediaTVTVAgent.exe
C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
C:Program FilesDigitalPersonaBinDpAgent.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program FilesJavajre6injusched.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:UsersJérémyAppDataRoamingMicrosoftNotification de cadeaux MSNlsnfier.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesHewlett-PackardSharedhpqToaster.exe
C:Windowssystem32conime.exe
C:UsersJérémyDownloadsHiJackThis.exe
C:WindowsSystem32mobsync.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeHSSSearchURLHookSearchPageURL.dll (file missing)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfree.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [SysTrayApp] %ProgramFiles%IDTWDMsttray.exe
O4 - HKLM..Run: [DVDAgent] "C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe"
O4 - HKLM..Run: [TSMAgent] "C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe"
O4 - HKLM..Run: [CLMLServer for HP TouchSmart] "C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe"
O4 - HKLM..Run: [TVAgent] "C:Program FilesHewlett-PackardMediaTVTVAgent.exe"
O4 - HKLM..Run: [UCam_Menu] "C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" "C:Program FilesHewlett-PackardMediaWebcam" update "SoftwareHewlett-PackardMediaWebcam"
O4 - HKLM..Run: [SmartMenu] %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
O4 - HKLM..Run: [UpdateLBPShortCut] "C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"
O4 - HKLM..Run: [UpdatePSTShortCut] "C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"
O4 - HKLM..Run: [DpAgent] C:Program FilesDigitalPersonaBindpagent.exe
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [QlbCtrl.exe] C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [UpdateP2GoShortCut] "C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"
O4 - HKLM..Run: [UpdatePDIRShortCut] "C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [WirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [SystrayORAHSS] "C:Program FilesOrangeHSSSystraySystrayApp.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0ENQBO] C:PROGRA~1COMMON~1AdobeADOBEV~2ServerinVERSIO~2.EXE
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKCU..Run: [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [Steam] "C:Program FilesSteamSteam.exe" -silent
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - C:ProgramDataAOLieToolbar esourcesfr-FRlocalsearch.html
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLMSystemCCSServicesTcpip..{CA084F4B-1BFB-49A8-9D8F-E6DCD338A5CF}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:Program FilesAviraAntiVir DesktopAVWEBGRD.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
O23 - Service: @C:Program FilesDigitalPersonaBinDpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:Program FilesDigitalPersonaBinDpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:Windowssystem32Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:Windowssystem32GameMon.des.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:Program FilesSMINSTBLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared filesRichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:Program FilesHewlett-PackardMediaTVKernelTVTVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:Windowssystem32vfsFPService.exe

--
End of file - 14920 bytes
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40
 

Posted on 02 Sep 2009 14:47

... I'm told that the only hope is to completely restore the machine to get some peace!

The worst rootkit of all is whoever claims such nonsense ... :roll:
You did the right thing coming here so that we can disinfect your PC.

While waiting for reg35 to come back, do this:
- Download Toolbar-S&D by Angeldark, Sham_Rock & XmichouX to your Desktop and nowhere else.

Help in pictures

> Right-click the ToolBarSD.exe icon > Run as administrator ... to start the installation.
> Once installed, a shortcut will be added to the Desktop. Right-click it > Run as administrator ... to start the tool.
> In the window that opens, select "F" for the language choice.
> Confirm
> Select option 1 (search) and confirm

*** Wait until the search has finished.

> Save the report that opens at the end of the scan to your Desktop.
> Post the report.
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47
 

Posted on 04 Sep 2009 21:03

Hello everyone and thank you for your replies. I should point out that I uninstalled AntiVir to install AVG, and the scan also gets stuck at some point, which proves that something really is wrong...

I installed Toolbar-S&D and here is what it found:


-----------\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Edition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz )
BIOS : Default System BIOS
USER : Jérémy ( Administrator )
BOOT : Normal boot
C: (Local Disk) - NTFS - Total:222 Go (Free:88 Go)
D: (Local Disk) - NTFS - Total:232 Go (Free:232 Go)
E: (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
F: (CD or DVD)
G: (Local Disk) - NTFS - Total:298 Go (Free:197 Go)
H: (CD or DVD)
J: (CD or DVD)

"C:ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 04/09/2009|22:02 )

[ UAC => 1 ]

-----------\ Recherche de Fichiers / Dossiers ...

C:Program FilesDAEMON Tools Toolbar
C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
C:Program FilesDAEMON Tools ToolbarResources
C:Program FilesDAEMON Tools Toolbaruninst.exe
C:Program FilesDAEMON Tools Toolbar\_DTLite.xml
C:Program FilesDAEMON Tools ToolbarResourcesWebS.ico
C:Program FilesDAEMON Tools ToolbarResourcesWebSa.ico
C:Program FilesDAEMON Tools ToolbarResourceswi.ico
C:Program FilesDAEMON Tools ToolbarResourceswi0.ico
C:Program FilesDAEMON Tools ToolbarResourceswi1.ico
C:Program FilesDAEMON Tools ToolbarResourceswi10.ico
C:Program FilesDAEMON Tools ToolbarResourceswi11.ico
C:Program FilesDAEMON Tools ToolbarResourceswi12.ico
C:Program FilesDAEMON Tools ToolbarResourceswi13.ico
C:Program FilesDAEMON Tools ToolbarResourceswi14.ico
C:Program FilesDAEMON Tools ToolbarResourceswi2.ico
C:Program FilesDAEMON Tools ToolbarResourceswi3.ico
C:Program FilesDAEMON Tools ToolbarResourceswi4.ico
C:Program FilesDAEMON Tools ToolbarResourceswi5.ico
C:Program FilesDAEMON Tools ToolbarResourceswi6.ico
C:Program FilesDAEMON Tools ToolbarResourceswi7.ico
C:Program FilesDAEMON Tools ToolbarResourceswi8.ico
C:Program FilesDAEMON Tools ToolbarResourceswi9.ico

-----------\ [..Internet ExplorerMain]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Local Page"="C:\Windows\system32\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMain]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\Windows\System32\blank.htm"


--------------------\ Recherche d'autres infections

--------------------\ Cracks & Keygens ..

C:UsersJRMY~1DownloadsNo,2Adobe CS4 Master Collection - ShadeymanCS4 KeyGen.exe
C:UsersJRMY~1DownloadsNo,2Nero 8.3.6.0 Ultra Edition + SerialsNero 8 Ultra-ActivationNERO8HDKeygen.exe
C:UsersJRMY~1DownloadsNo,2Spyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRSpyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRCrack
C:UsersJRMY~1DownloadsNo,2Spyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRSpyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRCrackUpdate.exe
C:UsersJRMY~1Downloads[PC] Half Life 2 Episode Two [RIP] [dopeman]HL2E2Half Life 2 Episode Twoep2sound
pcantlion_guardantlion_guard_shellcrack1.wav
C:UsersJRMY~1Downloads[PC] Half Life 2 Episode Two [RIP] [dopeman]HL2E2Half Life 2 Episode Twoep2sound
pcantlion_guardantlion_guard_shellcrack2.wav


[ UAC => 1 ]


1 - "C:ToolBar SDTB_1.txt" - 04/09/2009|22:04 - Option : [1]

-----------\ Fin du rapport a 22:04:41,82
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40

Posted on 04 Sep 2009 23:33

Hi!

- Relaunch ToolBar S&D from the shortcut on your Desktop: right-click it --> Run as administrator

> Select option 2 (Suppression) and confirm.
> Let the scan run ... until the report appears.
> Copy and paste it here in your reply.

- Also post a new HijackThis report > Do a system scan and save a logfile



Edit:
I should point out that I uninstalled Antivir and installed AVG

We'll come back to the choice of an AV at the end of the disinfection!
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47
 

Posted on 05 Sep 2009 00:11

Here it is! :) (That said, I don't see why Daemon would be a threat; how come?)


-----------\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Edition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz )
BIOS : Default System BIOS
USER : Jérémy ( Administrator )
BOOT : Normal boot
C: (Local Disk) - NTFS - Total:222 Go (Free:87 Go)
D: (Local Disk) - NTFS - Total:232 Go (Free:232 Go)
E: (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
F: (CD or DVD)
G: (Local Disk) - NTFS - Total:298 Go (Free:197 Go)
H: (CD or DVD)
J: (CD or DVD)

"C:ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 05/09/2009| 1:07 )

[ UAC => 1 ]

-----------\ SUPPRESSION

Supprime! - C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
Supprime! - C:Program FilesDAEMON Tools ToolbarResources
Supprime! - C:Program FilesDAEMON Tools Toolbaruninst.exe
Supprime! - C:Program FilesDAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:Program FilesDAEMON Tools Toolbar

-----------\ Recherche de Fichiers / Dossiers ...


-----------\ [..Internet ExplorerMain]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Local Page"="C:\Windows\system32\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMain]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\Windows\System32\blank.htm"


--------------------\ Recherche d'autres infections

--------------------\ Cracks & Keygens ..

C:UsersJRMY~1DownloadsNo,2Adobe CS4 Master Collection - ShadeymanCS4 KeyGen.exe
C:UsersJRMY~1DownloadsNo,2Nero 8.3.6.0 Ultra Edition + SerialsNero 8 Ultra-ActivationNERO8HDKeygen.exe
C:UsersJRMY~1DownloadsNo,2Spyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRSpyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRCrack
C:UsersJRMY~1DownloadsNo,2Spyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRSpyware Doctor v6.1.0.447 [2009] + Serial [h33t] - CaZoRCrackUpdate.exe
C:UsersJRMY~1Downloads[PC] Half Life 2 Episode Two [RIP] [dopeman]HL2E2Half Life 2 Episode Twoep2sound
pcantlion_guardantlion_guard_shellcrack1.wav
C:UsersJRMY~1Downloads[PC] Half Life 2 Episode Two [RIP] [dopeman]HL2E2Half Life 2 Episode Twoep2sound
pcantlion_guardantlion_guard_shellcrack2.wav


[ UAC => 1 ]


1 - "C:ToolBar SDTB_1.txt" - 04/09/2009|22:04 - Option : [1]
2 - "C:ToolBar SDTB_2.txt" - 05/09/2009| 1:11 - Option : [2]

-----------\ Fin du rapport a 1:12:00,09
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40

Posted on 05 Sep 2009 00:12

Fresh HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:57, on 05/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:WindowsSystem32smss.exe
C:Windowssystem32csrss.exe
C:Windowssystem32wininit.exe
C:Windowssystem32csrss.exe
C:Windowssystem32services.exe
C:Windowssystem32lsass.exe
C:Windowssystem32lsm.exe
C:Windowssystem32winlogon.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32Ati2evxx.exe
C:WindowsSystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
C:Windowssystem32svchost.exe
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe
C:Windowssystem32Ati2evxx.exe
C:Windowssystem32Hpservice.exe
C:Windowssystem32vfsFPService.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32spoolsv.exe
C:Program FilesDigitalPersonaBinDpHostW.exe
C:Windowssystem32Dwm.exe
C:Windowssystem32 askeng.exe
C:WindowsExplorer.EXE
C:Windowssystem32svchost.exe
C:Windowssystem32 askeng.exe
C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Windowssystem32svchost.exe
C:Program FilesSMINSTBLService.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIDTWDMsttray.exe
C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe
C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe
C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe
C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Windowssystem32svchost.exe
C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe
C:Program FilesHewlett-PackardMediaTVKernelTVTVSched.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32SearchIndexer.exe
C:Program FilesDigitalPersonaBinDpAgent.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program FilesJavajre6injusched.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesSteamSteam.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:UsersJérémyAppDataRoamingMicrosoftNotification de cadeaux MSNlsnfier.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
C:Program FilesHewlett-PackardSharedhpqToaster.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Windowssystem32conime.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesCommon FilesSteamSteamService.exe
c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
C:Program FilesWindows LiveContactswlcomm.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesAVGAVG8avgtray.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesAVGAVG8avgscanx.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:Windowssystem32SearchProtocolHost.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Windowssystem32 askeng.exe
C:Windowssystem32 askeng.exe
C:Windowssystem32SearchFilterHost.exe
C:HiJackThis.exe
C:Windowssystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeHSSSearchURLHookSearchPageURL.dll (file missing)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfree.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfree.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfree.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [SysTrayApp] %ProgramFiles%IDTWDMsttray.exe
O4 - HKLM..Run: [DVDAgent] "C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe"
O4 - HKLM..Run: [TSMAgent] "C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe"
O4 - HKLM..Run: [CLMLServer for HP TouchSmart] "C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe"
O4 - HKLM..Run: [TVAgent] "C:Program FilesHewlett-PackardMediaTVTVAgent.exe"
O4 - HKLM..Run: [UCam_Menu] "C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" "C:Program FilesHewlett-PackardMediaWebcam" update "SoftwareHewlett-PackardMediaWebcam"
O4 - HKLM..Run: [SmartMenu] %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
O4 - HKLM..Run: [UpdateLBPShortCut] "C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"
O4 - HKLM..Run: [UpdatePSTShortCut] "C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"
O4 - HKLM..Run: [DpAgent] C:Program FilesDigitalPersonaBindpagent.exe
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [QlbCtrl.exe] C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [UpdateP2GoShortCut] "C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"
O4 - HKLM..Run: [UpdatePDIRShortCut] "C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [WirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [SystrayORAHSS] "C:Program FilesOrangeHSSSystraySystrayApp.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0ENQBO] C:PROGRA~1COMMON~1AdobeADOBEV~2ServerinVERSIO~2.EXE
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKCU..Run: [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [Steam] "C:Program FilesSteamSteam.exe" -silent
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'SERVICE RESEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - C:ProgramDataAOLieToolbar esourcesfr-FRlocalsearch.html
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLMSystemCCSServicesTcpip..{CA084F4B-1BFB-49A8-9D8F-E6DCD338A5CF}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
O23 - Service: @C:Program FilesDigitalPersonaBinDpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:Program FilesDigitalPersonaBinDpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:Windowssystem32Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:Windowssystem32GameMon.des.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:Program FilesSMINSTBLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared filesRichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:Program FilesHewlett-PackardMediaTVKernelTVTVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:Windowssystem32vfsFPService.exe

--
End of file - 17697 bytes
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40

Posted on 05 Sep 2009 01:33

Jérémy31 wrote: Here it is! :) (That said, I don't see why Daemon would be a threat; how come?)


Because the threat isn't Daemon Tools itself but its toolbar. Most toolbars are virus nests...

To continue, I recommend following the "Nettoyage du PC" guide; you can find it in the "Dossiers" section of the site.

Next, the HijackThis lines to fix:

All the lines starting with O4 (all the stuff that makes your PC take an hour to boot)

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

In short, uninstall all the toolbars and the software you don't use, then follow the cleaning guide, then re-scan with HijackThis so we can see things more clearly...
H3bus
Moderator
Posts: 12195
Joined: 08 Apr 2008 15:13
Location: /home/h3bus
 

Posted on 05 Sep 2009 09:37

Hi everyone!

To make Jérémy31's task of looking up documents easier, he is going to proceed as follows:

1/ Launch CCleaner and select the Tools tab > Uninstall Programs button
> In the list that opens, find the entry --> Steam
> Select it with a click, then click the button that launches the uninstaller
>> If the PC asks for a restart --> Accept.

2/ Relaunch HijackThis > Do a system scan only and tick these lines:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe

> Click the Fix checked button > confirm with YES and close all windows.

3/ Download Malwarebytes' Anti-Malware by Marcin Kleczynski to your Desktop.

>Installation<
- Right-click mbam-setup.exe > Run as administrator.
- Select the language and accept the licence > Next ...
- Select the option to install the icon on the Desktop
- In the last window at the end of the installation > tick "update" and "launch the program".

>The scan<
- Run a full scan of the PC, selecting all drives.
- At the end of the scan a window will show you all the harmful items ... > Click the button that removes the selection.
- You will then get a report.

Copy and paste the Malwarebytes' cleaning report here in your reply.
Also describe how your PC is behaving and whether there were any steps you could not carry out.
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47
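
Several of the lines picked out in the two replies above are entries whose file no longer exists ("(no file)", "(file missing)") or whose target cannot be resolved ("= ?"). One way to surface such entries from a HijackThis log is shown below. This is an added example, not part of the original thread and not HijackThis code; the flag names and the "Unknown owner" rule are assumptions of this example, and the sample lines are copied from the log as it appears on this page.

```python
import re

# Meaning of the section codes that occur in the HijackThis log on this page.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "R3": "URL search hook",
    "O1": "hosts file entry",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O13": "IE default URL prefix",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / name server setting",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
UNRESOLVED_RE = re.compile(r"=\s*\?\s*$")

# Sample input: lines taken from the log posted in this thread, as they
# appear on this page, plus a header and one process line to show skipping.
SAMPLE_LOG = """
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:Windowssystem32svchost.exe
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeHSSSearchURLHookSearchPageURL.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:Windowssystem32GameMon.des.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
"""


def parse_entries(log_text):
    """Return (code, body) for every R*/O* entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(log_text):
    """Return the entries that deserve a manual look, with the reason(s).

    A flag means "review this entry", not "this entry is malicious".
    """
    findings = []
    for code, body in parse_entries(log_text):
        flags = []
        if ORPHAN_RE.search(body):
            # Registry entry still present, file behind it is gone.
            flags.append("orphan")
        if code == "O4" and UNRESOLVED_RE.search(body):
            # Startup shortcut whose target HijackThis could not resolve.
            flags.append("unresolved-target")
        if code == "O23" and " - Unknown owner - " in body:
            # Service binary without a company name (assumed review rule).
            flags.append("unknown-owner")
        if flags:
            findings.append({
                "code": code,
                "section": SECTIONS.get(code, "unknown section"),
                "flags": flags,
                "entry": body,
            })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]:<4}{item["section"]:<40}{",".join(item["flags"])}')
        print(f'    {item["entry"]}')
```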
 

Posted on 05 Sep 2009 14:11

Hello everyone!

I followed all your advice, Danakil, since it covered H3bus's as well. Uninstalling Steam with CCleaner, HijackThis, scan with MalwareBytes...

However, from the 35th minute on, the scan froze completely on a file in Program Files. I tried to take a screenshot to show you, but Windows Explorer started freezing completely as well, to the point that I had to pull the plug on the PC the brutal way to get it to restart.

I also ended up with a Yahoo toolbar in Mozilla that I never asked for, and right-click in Mozilla no longer works.


I should also mention that on Wednesday of this week I dropped this PC off at the computer repair shop. As you can see, the problem has not been solved at all; the guy just installed MalwareBytes and RSIT. He only removed a TDS rootkit, but there is clearly something else...
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40

Posted on 05 Sep 2009 19:42

Re,

Let's take a different approach!

Download GenProc.exe by Narco4 & Jean-Chrétien1 to your Desktop.
> Right-click GenProc.exe > Run as administrator >> Follow the instructions and post its report for me.
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47

Posted on 05 Sep 2009 19:49

Narco4 from this forum? Well done for what you do, in any case, and thanks again for your invaluable help! :P

Here is the GenProc.exe report:

Rapport GenProc 2.623 [1] - 05/09/2009 à 20:51:28
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.5.2) [Navigateur par défaut]

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici http://www.pcloisirs.eu/mode_sans_echec.htm ; Choisis ta session courante *** Jérémy *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport Combofix.txt situé dans C: ;
- Un nouveau rapport HijackThis http://genproc.com/GenProc-HijackThis ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.623 05/09/2009 à 20:51:52
TDSS:le 05/09/2009 à 20:52:50 PFROP kbiwkm*

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 20:53:43 ~~
Jérémy31
Confirmed Visitor
Posts: 26
Joined: 02 Sep 2009 09:40

Posted on 05 Sep 2009 19:53

Apply the procedure given in the GenProc report.
Post the reports for me!
danakil
Expert
Posts: 1363
Joined: 16 Jul 2009 09:47

Posted on 05 Sep 2009 20:55

Here you go! I didn't have any particular problems, apart from the fact that Combofix automatically restarted the PC in normal mode, and I had understood that the CCleaner cleanup was supposed to be done in safe mode. I struggled to reboot into safe mode (I had to restart it at least 6 times!^^). The Combofix report:

ComboFix 09-09-04.02 - Jérémy 05/09/2009 21:11.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Edition Familiale Premium 6.0.6001.1.1252.33.1036.18.3068.2454 [GMT 2:00]
Running from: c:\users\Jérémy\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1283881387-3170061788-4188127329-500
c:\$recycle.bin\S-1-5-21-3104540662-266364775-151224713-1143
c:\$recycle.bin\S-1-5-21-3541030145-2230641323-1226403519-500
c:\windows\Installer\1ce58.msi
c:\windows\Installer\1ce5c.msi
c:\windows\Installer\1ce60.msi
c:\windows\Installer\1ce64.msi
c:\windows\Installer\1ce68.msi
c:\windows\Installer\25d569.msi
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_kbiwkmfntkfcsb
-------Service_kbiwkmfntkfcsb


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 19:19 . 2009-09-05 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-05 18:51 . 2009-09-05 18:51 -------- d-----w- C:GenProc
2009-09-05 12:25 . 2009-09-05 12:25 -------- d-----w- C:ackups
2009-09-05 12:13 . 2009-09-05 12:14 -------- d-----w- c:program filesCCleaner
2009-09-04 22:50 . 2009-09-04 22:50 401720 ----a-w- C:HiJackThis.exe
2009-09-04 20:01 . 2009-09-04 23:12 -------- d-----w- C:ToolBar SD
2009-09-04 19:04 . 2009-09-04 19:04 11952 ----a-w- c:windowssystem32avgrsstx.dll
2009-09-04 19:04 . 2009-09-04 19:04 108552 ----a-w- c:windowssystem32driversavgtdix.sys
2009-09-04 19:04 . 2009-09-04 19:04 335240 ----a-w- c:windowssystem32driversavgldx86.sys
2009-09-04 19:04 . 2009-09-04 19:04 27784 ----a-w- c:windowssystem32driversavgmfx86.sys
2009-09-04 19:04 . 2009-09-05 12:03 -------- d-----w- c:windowssystem32driversAvg
2009-09-04 19:03 . 2009-09-04 19:04 -------- d-----w- c:programdataAVG Security Toolbar
2009-09-04 19:03 . 2009-09-04 19:03 -------- d-----w- c:program filesAVG
2009-09-04 19:03 . 2009-09-04 19:03 -------- d-----w- c:programdataavg8
2009-09-04 17:13 . 2009-09-04 17:53 55656 ----a-w- c:windowssystem32driversavgntflt.sys
2009-09-03 14:16 . 2009-09-03 14:17 -------- d-----w- C:\rsit
2009-09-03 13:37 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll
2009-09-03 13:37 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-09-03 13:34 . 2009-08-03 11:36 38160 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-03 13:34 . 2009-09-03 13:34 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2009-09-03 13:34 . 2009-09-03 13:34 -------- d-----w- c:programdataMalwarebytes
2009-09-03 13:34 . 2009-08-03 11:36 19096 ----a-w- c:windowssystem32driversmbam.sys
2009-08-31 20:00 . 2009-08-31 20:00 -------- d-----w- c:programdataWindowsSearch
2009-08-31 17:43 . 2009-08-31 18:20 -------- d-----w- c:programdataKaspersky Lab
2009-08-27 21:31 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll
2009-08-27 21:31 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll
2009-08-27 21:31 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll
2009-08-27 21:31 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll
2009-08-27 21:31 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll
2009-08-27 21:31 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys
2009-08-27 21:31 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll
2009-08-27 21:31 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe
2009-08-27 21:07 . 2009-08-27 21:07 -------- d-----w- c:programdataALM
2009-08-27 20:45 . 2008-04-07 03:38 22872 ----a-r- c:windowssystem32AdobePDFUI.dll
2009-08-27 20:35 . 2009-08-27 20:35 -------- d-----w- c:program filesAdobe Media Player
2009-08-27 20:33 . 2009-08-27 20:33 -------- d-----w- c:program filesCommon FilesAdobe AIR
2009-08-27 07:07 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-16 17:33 . 2009-09-04 18:55 -------- d-----w- c:programdataAvira
2009-08-16 16:25 . 2008-12-11 06:38 159600 ----a-w- c:windowssystem32driverspctgntdi.sys
2009-08-16 16:24 . 2009-09-01 16:21 206256 ----a-w- c:windowssystem32driversPCTCore.sys
2009-08-16 16:24 . 2008-12-18 09:16 73840 ----a-w- c:windowssystem32driversPCTAppEvent.sys
2009-08-16 16:24 . 2009-08-16 16:25 -------- d-----w- c:program filesCommon FilesPC Tools
2009-08-16 16:24 . 2008-12-10 09:36 64392 ----a-w- c:windowssystem32driverspctplsg.sys
2009-08-16 16:24 . 2009-09-01 19:32 -------- d-----w- c:program filesSpyware Doctor
2009-08-16 16:24 . 2009-08-16 16:24 -------- d-----w- c:programdataPC Tools
2009-08-16 13:38 . 2009-08-16 13:38 -------- d--h--w- c:windowsmsdownld.tmp
2009-08-14 20:58 . 2009-08-14 20:58 -------- d-----w- c:program filesAudacity
2009-08-13 16:57 . 2009-07-17 14:35 71680 ----a-w- c:windowssystem32atl.dll
2009-08-13 16:57 . 2009-06-10 12:12 160256 ----a-w- c:windowssystem32wkssvc.dll
2009-08-13 16:57 . 2009-06-04 12:34 2066432 ----a-w- c:windowssystem32mstscax.dll
2009-08-13 16:57 . 2009-06-10 12:07 91136 ----a-w- c:windowssystem32avifil32.dll
2009-08-13 16:57 . 2009-07-14 13:00 313344 ----a-w- c:windowssystem32wmpdxm.dll
2009-08-13 16:57 . 2009-07-14 12:58 7680 ----a-w- c:windowssystem32spwmp.dll
2009-08-13 16:57 . 2009-07-14 12:59 4096 ----a-w- c:windowssystem32dxmasf.dll
2009-08-13 16:57 . 2009-07-14 10:59 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-08-10 07:17 . 2008-06-20 01:14 97800 ----a-w- c:windowssystem32infocardapi.dll
2009-08-10 07:17 . 2008-06-20 01:14 105016 ----a-w- c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
2009-08-10 07:17 . 2008-06-20 01:14 43544 ----a-w- c:windowssystem32PresentationHostProxy.dll
2009-08-10 07:17 . 2008-06-20 01:14 11264 ----a-w- c:windowssystem32icardres.dll
2009-08-10 07:17 . 2008-06-20 01:14 622080 ----a-w- c:windowssystem32icardagt.exe
2009-08-10 07:17 . 2008-06-20 01:14 781344 ----a-w- c:windowssystem32PresentationNative_v0300.dll
2009-08-10 07:17 . 2008-06-20 01:14 326160 ----a-w- c:windowssystem32PresentationHost.exe
2009-08-10 07:09 . 2008-07-27 18:03 96760 ----a-w- c:windowssystem32dfshim.dll
2009-08-10 07:09 . 2008-07-27 18:03 282112 ----a-w- c:windowssystem32mscoree.dll
2009-08-10 07:09 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-10 07:09 . 2008-07-27 18:03 158720 ----a-w- c:windowssystem32mscorier.dll
2009-08-10 07:09 . 2008-07-27 18:03 83968 ----a-w- c:windowssystem32mscories.dll
2009-08-08 16:03 . 2009-08-09 16:32 1944 ----a-w- c:windowseReg.dat
2009-08-08 15:47 . 2009-08-08 15:48 -------- d-----w- c:program filesMaxis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 12:16 . 2009-07-25 17:33 -------- d-----w- c:program filesSteam
2009-09-05 12:01 . 2009-07-25 17:36 -------- d-----w- c:program filesCommon FilesSteam
2009-09-04 09:42 . 2009-01-21 05:18 669566 ----a-w- c:windowssystem32perfh00C.dat
2009-09-04 09:42 . 2009-01-21 05:18 123556 ----a-w- c:windowssystem32perfc00C.dat
2009-09-03 14:15 . 2009-01-20 22:23 -------- d-----w- c:program filesCommon FilesAdobe
2009-09-01 16:21 . 2009-09-01 16:21 7396 ----a-w- c:windowssystem32driverspctcore.cat
2009-08-27 21:42 . 2009-07-29 08:49 -------- d-----w- c:programdataFLEXnet
2009-08-27 21:02 . 2009-07-25 15:52 -------- d-----w- c:program filesCommon FilesPX Storage Engine
2009-08-16 20:29 . 2009-01-20 22:37 -------- d-----w- c:program filesSMINST
2009-08-16 17:40 . 2009-07-25 16:01 -------- d-----w- c:program filesSpybot - Search & Destroy
2009-08-16 17:29 . 2009-01-20 21:25 -------- d-----w- c:programdataNorton
2009-08-16 16:41 . 2009-07-25 16:01 -------- d-----w- c:programdataSpybot - Search & Destroy
2009-08-14 07:55 . 2009-01-20 22:17 -------- d-----w- c:programdataMicrosoft Help
2009-08-14 07:54 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
2009-08-09 16:17 . 2009-01-20 21:22 -------- d--h--w- c:program filesInstallShield Installation Information
2009-08-08 15:47 . 2009-01-20 21:22 -------- d-----w- c:program filesCommon FilesInstallShield
2009-08-03 20:58 . 2009-08-03 20:58 -------- d-----w- c:program filesCommon FilesControl Panels
2009-08-03 19:41 . 2009-08-03 19:41 -------- d-----w- c:program filesBonjour
2009-08-03 19:36 . 2009-08-03 19:36 -------- d-----w- c:program filesCommon FilesMacrovision Shared
2009-07-31 19:13 . 2009-07-31 19:13 -------- d-----w- c:program filesCommon FilesINCA Shared
2009-07-31 18:05 . 2009-07-31 18:05 -------- d-----w- c:program filesSubagames
2009-07-31 17:47 . 2009-07-31 17:47 -------- d-----w- c:programdataPMB Files
2009-07-31 17:46 . 2009-07-31 17:46 -------- d-----w- c:program filesPando Networks
2009-07-31 15:05 . 2009-07-25 13:44 -------- d-----w- c:program filesOrangeHSS
2009-07-29 21:12 . 2009-07-29 21:13 410984 ----a-w- c:windowssystem32deploytk.dll
2009-07-29 21:12 . 2009-01-20 22:33 -------- d-----w- c:program filesJava
2009-07-29 09:01 . 2009-07-29 09:01 0 ---ha-w- c:windowssystem32driversMsft_User_WpdFs_01_00_00.Wdf
2009-07-28 17:13 . 2009-01-20 22:06 -------- d-----w- c:program filesMicrosoft Works
2009-07-28 17:13 . 2006-11-02 12:37 -------- d-----w- c:program filesMSBuild
2009-07-28 17:11 . 2009-07-28 17:11 -------- d-----w- c:program filesMicrosoft.NET
2009-07-28 17:10 . 2009-07-28 17:10 -------- d-----w- c:program filesMicrosoft Visual Studio 8
2009-07-28 17:03 . 2009-07-28 17:03 -------- d-----w- c:programdataDAEMON Tools Lite
2009-07-28 17:03 . 2009-07-28 17:03 -------- d-----w- c:program filesDAEMON Tools Lite
2009-07-26 21:35 . 2009-07-26 21:35 -------- d-----w- c:program filesQuickTime
2009-07-26 21:35 . 2009-07-26 21:35 -------- d-----w- c:programdataApple Computer
2009-07-26 21:33 . 2009-07-26 21:33 -------- d-----w- c:program filesApple Software Update
2009-07-26 21:33 . 2009-07-26 21:33 -------- d-----w- c:programdataApple
2009-07-26 20:33 . 2009-07-26 20:33 -------- d-----w- c:program filesConduit
2009-07-26 20:33 . 2009-07-26 20:33 -------- d-----w- c:program filesAlcohol Soft
2009-07-26 20:29 . 2009-07-26 20:29 721904 ----a-w- c:windowssystem32driverssptd.sys
2009-07-26 20:23 . 2009-07-26 20:23 -------- d-----w- c:program files7-Zip
2009-07-26 17:46 . 2009-07-26 17:46 -------- d-----w- c:program filesBitTorrent
2009-07-25 16:25 . 2009-07-25 16:25 -------- d-----w- c:program filesMSXML 4.0
2009-07-25 16:08 . 2009-07-25 16:08 -------- d-----w- c:programdataeMule
2009-07-25 16:01 . 2009-01-20 21:25 -------- d-----w- c:programdataSymantec
2009-07-25 16:00 . 2009-07-25 16:00 -------- d-----w- c:program fileseMule
2009-07-25 15:59 . 2009-07-25 15:59 -------- d-----w- c:program filesMicrosoft
2009-07-25 15:59 . 2009-07-25 15:58 -------- d-----w- c:program filesWindows Live
2009-07-25 15:59 . 2009-07-25 15:59 -------- d-----w- c:program filesWindows Live SkyDrive
2009-07-25 15:55 . 2009-07-25 15:55 -------- d-----w- c:program filesCommon FilesWindows Live
2009-07-25 15:52 . 2009-07-25 15:52 -------- d-----w- c:program filesWinamp
2009-07-25 13:42 . 2009-07-25 13:42 -------- d-----w- c:program filesInventel
2009-07-25 13:29 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Sidebar
2009-07-25 13:27 . 2009-07-25 13:27 0 --sha-r- c:windowssystem32drivers103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF91552W5_E510505-051_4A_I3624_SQuanta_V18.27_F.12_T090323_WV3-1_L40C_M3069_J250_7Intel_867A_92.40_#090408_N10EC8168;80864237_(NL860EA#ABF)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataModèles
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataMenu Démarrer
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataFavoris
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataBureau
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:program filesFichiers communs
2009-07-21 21:52 . 2009-08-16 13:36 915456 ----a-w- c:windowssystem32wininet.dll
2009-07-21 21:47 . 2009-08-16 13:36 109056 ----a-w- c:windowssystem32iesysprep.dll
2009-07-21 21:47 . 2009-08-16 13:36 71680 ----a-w- c:windowssystem32iesetup.dll
2009-07-21 20:13 . 2009-08-16 13:36 133632 ----a-w- c:windowssystem32ieUnatt.exe
2009-06-15 15:24 . 2009-07-25 15:56 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-25 15:56 72704 ----a-w- c:windowssystem32fontsub.dll
2009-06-15 15:20 . 2009-07-25 15:56 10240 ----a-w- c:windowssystem32dciman32.dll
2009-06-15 12:52 . 2009-07-25 15:56 289792 ----a-w- c:windowssystem32atmfd.dll
2009-01-21 05:37 . 2009-01-21 05:21 8192 --sha-w- c:windowsUsersDefaultNTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:program filesAVGAVG8ToolbarIEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOTclsid{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:program filesAVGAVG8ToolbarIEToolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:program filesAVGAVG8ToolbarIEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOTclsid{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:program filesAVGAVG8ToolbarIEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOTclsid{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"LightScribe Control Panel"="c:program filesCommon FilesLightScribeLightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:program filesHewlett-PackardHP AdvisorHPAdvisor.exe" [2008-11-18 966656]
"msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:program filesAlcohol SoftAlcohol 120axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-07-24 1348904]
"SysTrayApp"="c:program filesIDTWDMsttray.exe" [2008-10-26 450659]
"DVDAgent"="c:program filesHewlett-PackardMediaDVDDVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:program filesHewlett-PackardTouchSmartMediaTSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:program filesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:program filesHewlett-PackardMediaTVTVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:program filesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:program filesHewlett-PackardHP MediaSmartSmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:program filesCyberLinkLabelPrintMUITransferMUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:program filesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe" [2008-11-26 210216]
"DpAgent"="c:program filesDigitalPersonaBindpagent.exe" [2008-12-10 842816]
"Windows Defender"="c:program filesWindows DefenderMSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:program filesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:program filesCyberLinkPower2GoMUITransferMUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:program filesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-29 148888]
"HP Health Check Scheduler"="c:program filesHewlett-PackardHP Health CheckHPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantHPWAMain.exe" [2008-12-08 432432]
"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]
"ISTray"="c:program filesSpyware DoctorpctsTray.exe" [2009-07-22 1181064]
"AdobeCS4ServiceManager"="c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe" [2008-06-11 640376]
"AVG8_TRAY"="c:progra~1AVGAVG8avgtray.exe" [2009-09-04 2007832]

c:\users\Jérémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:windowsSystem32avgrsstx.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{08BDAF68-55F3-4121-BB29-2F13B873373D}"= c:program filesCyberLinkPowerDirectorPDR.EXE:CyberLink PowerDirector
"{DE2CEE9D-9321-4227-AAB0-58E1E6257646}"= c:program filesHewlett-PackardMediaDVDHPTouchSmartMusic.exe:HP TouchSmart Music
"{CB367A9B-C87A-41EC-A1C2-A6D15B3FEF0F}"= c:program filesHewlett-PackardMediaDVDHPTouchSmartPhoto.exe:HP TouchSmart Photo
"{C562C992-9450-4E18-883D-3435881D2F4D}"= c:program filesHewlett-PackardMediaDVDHPTouchSmartVideo.exe:HP TouchSmart Video
"{1A81E2A1-8738-42D1-AB92-2B0F9C74C540}"= c:program filesHewlett-PackardMediaDVDTSMAgent.exe:HP TouchSmart Media Resident Program
"{9270F252-1697-491D-BD37-130886841509}"= c:program filesHewlett-PackardMediaDVDKernelCLMLCLMLSvc.exe:CyberLink Media Service
"{04626E5E-B82C-44CA-AA03-1DA32AB9D577}"= c:program filesHewlett-PackardMediaDVDHPDVDSmart.exe:HP MediaSmart DVD
"{540748A3-18FE-46D9-AB4A-76BAAD087475}"= c:program filesHewlett-PackardTouchSmartMediaHPTouchSmartMusic.exe:HP TouchSmart Music
"{7B1CD12D-F50B-4538-AEE6-F8549983C645}"= c:program filesHewlett-PackardTouchSmartMediaHPTouchSmartPhoto.exe:HP TouchSmart Photo
"{049DFB47-3690-41A4-A5FA-181A9E50C3F7}"= c:program filesHewlett-PackardTouchSmartMediaHPTouchSmartVideo.exe:HP TouchSmart Video
"{8EC4A3F0-4EE5-42EF-9ABE-323D912F8986}"= c:program filesHewlett-PackardTouchSmartMediaTSMAgent.exe:HP TouchSmart Media Resident Program
"{EE7C03C2-9517-4F21-BA17-C05E0CF20322}"= c:program filesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe:CyberLink Media Service
"{62675AB8-F84C-412E-9BFC-AE81AA570F19}"= c:program filesHewlett-PackardMediaTVQP.exe:Quick Play
"{E69F0C33-831E-485C-BD5B-DC562B975AFE}"= c:program filesHewlett-PackardMediaTVQPService.exe:Quick Play Resident Program
"{1B047EC0-6BA1-4181-8C68-DCFB9ACB65A4}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{855DC5F9-136F-491E-AA6E-4D499735E78C}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{03E43EFA-714F-4829-9BEE-018EF54456AD}"= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
"{5FCE599A-B22E-4798-B82B-5F66BD6F3A8F}"= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
"{BF9978B8-5AC2-4298-8C08-C8C061E2FBB5}"= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
"{A3EA9076-9EC1-4A4A-9E4A-A399E626AA0F}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{8C48552D-0A68-48CB-8BC5-DBD03CA395C8}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{2F9C2E6E-34BE-46DD-AF83-7AE67F91E152}"= UDP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{44CB829A-67DF-4FC0-AF3A-E1C02394ABC8}"= TCP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{1B59B033-E7CD-4E07-BA33-ACCA84B076FC}"= UDP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{876AE505-1769-47FC-851B-EC2D636DDE38}"= TCP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{716BBB31-C1F1-4178-8485-6892B3E93218}"= c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"TCP Query User{AEADD17E-4BFE-45B3-A6CB-88716A093B42}c:\users\jérémy\downloads\half-life all\hl.exe"= UDP:c:usersjérémydownloadshalf-life allhl.exe:hl.exe
"UDP Query User{F1ECFBF8-8052-498F-970A-7E0E99E94A8C}c:\users\jérémy\downloads\half-life all\hl.exe"= TCP:c:usersjérémydownloadshalf-life allhl.exe:hl.exe
"TCP Query User{3C486731-B138-4ED0-BD7A-62F73D859621}c:\program files\steam\steamapps\joelrobuchon\half-life 2 deathmatch\hl2.exe"= UDP:c:program filessteamsteamappsjoelrobuchonhalf-life 2 deathmatchhl2.exe:hl2
"UDP Query User{044BBA2B-7CAA-49CC-8EB3-802B7558CD72}c:\program files\steam\steamapps\joelrobuchon\half-life 2 deathmatch\hl2.exe"= TCP:c:program filessteamsteamappsjoelrobuchonhalf-life 2 deathmatchhl2.exe:hl2
"{3409A97C-B435-4854-BF88-7AFAC649CAC4}"= UDP:5353:Adobe CSI CS4
"{AC70215B-24C2-4817-898B-F1F2147C95E7}"= UDP:c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe:Adobe CSI CS4
"{F3ED4FD9-CE7E-45EB-99A2-5B4D78796FBF}"= TCP:c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe:Adobe CSI CS4
"{4C419408-1573-443C-899C-333388CDD83E}"= UDP:3703:Adobe Version Cue CS4 Server
"{5B1EC251-4464-41DB-A50B-325925701CA9}"= UDP:3704:Adobe Version Cue CS4 Server
"{23BB9FA5-ADD7-4219-AD84-4E94CFF7C1F6}"= UDP:51000:Adobe Version Cue CS4 Server
"{9626E65C-4772-4523-91C6-9FAED7FF6FBF}"= UDP:51001:Adobe Version Cue CS4 Server
"{096FF436-F08D-44C6-A2DC-66772D004FFB}"= UDP:c:program filesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe:Adobe Version Cue CS4 Server
"{BF4684B2-EDDF-4631-B4EA-72A5788FFED8}"= TCP:c:program filesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe:Adobe Version Cue CS4 Server
"{60D59089-E2AF-4693-8AAE-3B5431D38365}"= c:program filesAVGAVG8avgupd.exe:avgupd.exe
"{E9354154-DBA7-4091-9963-1E9EE4EC766D}"= c:program filesAVGAVG8avgnsx.exe:avgnsx.exe

R0 PCTCore;PCTools KDS;c:windowsSystem32driversPCTCore.sys [16/08/2009 18:24 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowsSystem32driversavgldx86.sys [04/09/2009 21:04 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowsSystem32driversavgtdix.sys [04/09/2009 21:04 108552]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/08 04:18];c:program filesHewlett-PackardMediaDVD00.fcl [28/11/2008 18:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:windowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbAEstSrv.exe [08/04/2009 03:46 77824]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [04/09/2009 21:03 297752]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:windowssystem32svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:windowsSystem32hpservice.exe [18/03/2008 16:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:program filesSMINSTBLService.exe [21/01/2009 00:37 365952]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [16/08/2009 18:24 348752]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:program filesHewlett-PackardMediaTVKernelTVTVCapSvc.exe [26/11/2008 17:13 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:program filesHewlett-PackardMediaTVKernelTVTVSched.exe [26/11/2008 17:13 116096]
R2 vfsFPService;Validity Fingerprint Service;c:windowsSystem32vfsFPService.exe [18/11/2008 06:09 599344]
R3 enecir;ENE CIR Receiver;c:windowsSystem32driversenecir.sys [04/09/2008 19:47 54784]
R3 JMCR;JMCR;c:windowsSystem32driversjmcr.sys [23/10/2008 11:42 107360]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowsSystem32driversNETw5v32.sys [08/04/2009 03:48 3664384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:program filesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe [15/08/2008 05:46 284016]
S3 Com4QLBEx;Com4QLBEx;c:program filesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe [20/01/2009 23:38 222512]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service --> c:windowssystem32GameMon.des -service [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:windowsSystem32driversPCAMp50.sys [25/07/2009 17:47 28224]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:program filesCommon FilesLightScribeLSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
HKLM-Run-SystrayORAHSS - c:program filesOrangeHSSSystraySystrayApp.exe


.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: Ajouter la cible du lien à un fichier PDF existant - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: {CA084F4B-1BFB-49A8-9D8F-E6DCD338A5CF} = 192.168.1.1
FF - ProfilePath - c:usersJérémyAppDataRoamingMozillaFirefoxProfilesh6vwfesu.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.yhs.search.yahoo.com/avg/sear ... -web_fr&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 21:22
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINESYSTEMControlSet001Services{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="??c:program filesHewlett-PackardMediaDVD00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:windowssystem32DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(2540)
c:program filesSpyware Doctorpctgmhk.dll
c:program filesMicrosoft OfficeOffice12GrooveUtil.DLL
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:windowsSystem32Ati2evxx.exe
c:windowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbstacsv.exe
c:windowsSystem32audiodg.exe
c:windowsSystem32Ati2evxx.exe
c:program filesDigitalPersonaBinDpHostW.exe
c:program filesBonjourmDNSResponder.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesCyberLinkShared filesRichVideo.exe
c:program filesSpyware DoctorpctsSvc.exe
c:progra~1AVGAVG8avgrsx.exe
c:progra~1AVGAVG8avgnsx.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:program filesHewlett-PackardHP Health CheckHPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-09-05 21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 19:30

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 102 097 776 640 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
372 --- E O F --- 2009-09-04 01:00

The HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:05, on 05/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:WindowsSystem32smss.exe
C:Windowssystem32csrss.exe
C:Windowssystem32wininit.exe
C:Windowssystem32csrss.exe
C:Windowssystem32services.exe
C:Windowssystem32lsass.exe
C:Windowssystem32lsm.exe
C:Windowssystem32winlogon.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32Ati2evxx.exe
C:WindowsSystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
C:Windowssystem32svchost.exe
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe
C:Windowssystem32Hpservice.exe
C:Windowssystem32Ati2evxx.exe
C:Windowssystem32vfsFPService.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32spoolsv.exe
C:Program FilesDigitalPersonaBinDpHostW.exe
C:Windowssystem32Dwm.exe
C:\Windows\system32\taskeng.exe
C:WindowsExplorer.EXE
C:Windowssystem32svchost.exe
C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Windowssystem32svchost.exe
C:Program FilesSMINSTBLService.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:\Windows\system32\taskeng.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIDTWDMsttray.exe
C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe
C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe
C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesDigitalPersonaBinDpAgent.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Windowssystem32svchost.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesHewlett-PackardMediaTVKernelTVTVSched.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32SearchIndexer.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe
C:Program FilesHewlett-PackardSharedhpqToaster.exe
C:Windowssystem32conime.exe
c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesWindows LiveContactswlcomm.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:HiJackThis.exe
C:Windowssystem32wbemwmiprvse.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
R3 - URLSearchHook: (no name) - *{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [SysTrayApp] %ProgramFiles%IDTWDMsttray.exe
O4 - HKLM..Run: [DVDAgent] "C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe"
O4 - HKLM..Run: [TSMAgent] "C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe"
O4 - HKLM..Run: [CLMLServer for HP TouchSmart] "C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe"
O4 - HKLM..Run: [TVAgent] "C:Program FilesHewlett-PackardMediaTVTVAgent.exe"
O4 - HKLM..Run: [UCam_Menu] "C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" "C:Program FilesHewlett-PackardMediaWebcam" update "SoftwareHewlett-PackardMediaWebcam"
O4 - HKLM..Run: [SmartMenu] %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
O4 - HKLM..Run: [UpdateLBPShortCut] "C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"
O4 - HKLM..Run: [UpdatePSTShortCut] "C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"
O4 - HKLM..Run: [DpAgent] C:Program FilesDigitalPersonaBindpagent.exe
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [QlbCtrl.exe] C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [UpdateP2GoShortCut] "C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"
O4 - HKLM..Run: [UpdatePDIRShortCut] "C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program FilesCyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [WirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0ENQBO] C:PROGRA~1COMMON~1AdobeADOBEV~2ServerinVERSIO~2.EXE
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKCU..Run: [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - C:ProgramDataAOLieToolbar esourcesfr-FRlocalsearch.html
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLMSystemCCSServicesTcpip..{CA084F4B-1BFB-49A8-9D8F-E6DCD338A5CF}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: C:WindowsSystem32avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
O23 - Service: @C:Program FilesDigitalPersonaBinDpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:Program FilesDigitalPersonaBinDpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:Windowssystem32Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:Windowssystem32GameMon.des.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:Program FilesSMINSTBLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared filesRichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:Program FilesHewlett-PackardMediaTVKernelTVTVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:Windowssystem32vfsFPService.exe

--
End of file - 15521 bytes

The GenProc report:

GenProc did not detect any characteristic infection and suggests following this procedure:

Step 1/ Download:
ToolsCleaner! (A.Rothstein & Dj QUIOU) to your Desktop.

Step 2/
- Double-click ToolsCleaner2.exe to launch it.
- Click Recherche and let the scan run.
- Click Suppression to finish.
- If you wish, you can use the Options Facultatives.
- Click Quitter to obtain the report C:\TCleaner.txt

Step 3/
Post a Nod32 report (you must use Internet Explorer)
- tick all the boxes each time, and when it is finished, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt
Jérémy31