Trojan downloader.exe+ win32.samll.ddx+ autre [Résolu]

Bonjour jlpjlp,

Je suis très, très novice dans le domaine....

J'ai pris en note vos instructions, je tente de faire ce que vous m'avez indiquez et je reviens avec l'information.

Un grand merci de m'aider

Bonjour jlpjlp,

Voici le rapport avec le combofix

ComboFix 08-03-26.1 - robert 2008-03-27 11:40:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.298 [GMT -4:00]
Running from: C:\Documents and Settings\robert\Desktop\Killbeagle.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.
TimedOut: progfile.dat
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"
Findstr -MIF:/ sursen
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\qvdntlmw.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-27 11:28 . 2008-03-27 11:31 <DIR> d-------- C:\Hijackthis
2008-03-27 11:23 . 2008-03-27 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 08:17 . 2008-03-27 08:17 <DIR> d-------- C:\VundoFix Backups
2008-03-27 06:22 . 2008-03-27 06:22 110,592 --a------ C:\WINDOWS\system32\tmpmvkpy.exe
2008-03-26 20:54 . 2008-03-27 11:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 20:54 . 2008-03-27 11:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 18:28 . 2008-03-26 18:28 <DIR> d-------- C:\Documents and Settings\robert\Desktopvirii
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopTrojan.Win32.BlackBird.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopFWebdEditor.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfwebd.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfkwp2.0.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfkwp1.5.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfilemanagerclient.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopEditorFKWP2.0.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopEditorFKWP1.5.exe
2008-03-26 18:27 . 2008-03-26 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\lijqvgvy
2008-03-26 18:27 . 2008-03-26 18:27 98,304 --a------ C:\WINDOWS\system32\xqtepibi.exe
2008-03-26 18:26 . 2008-03-26 12:28 221,184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-26 18:26 . 2008-03-26 12:28 212,992 --a------ C:\WINDOWS\kdftlboedsb.dll
2008-03-26 18:26 . 2008-03-26 12:28 81,920 --a------ C:\WINDOWS\norlatmx.exe
2008-03-26 18:26 . 2008-03-26 18:26 21,660 --a------ C:\Program Files\antiviirus.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp3.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp2.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp1.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp0.exe
2008-03-25 11:06 . 2008-03-25 11:12 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-03-23 14:46 . 2008-03-23 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-10 16:45 . 2008-03-10 16:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 16:45 . 2008-03-10 16:45 2,548 --a------ C:\WINDOWS\unins000.dat
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Program Files\Benjamin Moore
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Benjamin Moore
2008-03-08 10:50 . 2008-03-08 10:50 <DIR> d-------- C:\Program Files\Room Arranger
2008-02-27 17:21 . 2008-02-27 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 15:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 01:02 --------- d-----w C:\Program Files\ErrorKiller
2008-03-23 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\robert\Application Data\PlayFirst
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-23 19:23 --------- d-----w C:\Program Files\IncrediGames
2008-03-19 12:50 --------- d-----w C:\Documents and Settings\robert\Application Data\Canon
2008-03-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 10:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 14:57 --------- d-----w C:\Documents and Settings\robert\Application Data\OpenOffice.org2
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-05 20:26 --------- d-----w C:\Documents and Settings\robert\Application Data\Gamelab
2008-02-28 19:16 69,024 -c--a-w C:\Documents and Settings\robert\Application Data\GDIPFONTCACHEV1.DAT
2008-02-27 13:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-26 17:43 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 17:38 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 18:38 --------- d-----w C:\Program Files\Incredijeux
2008-02-25 18:30 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-22 19:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-22 19:35 --------- d-----w C:\Program Files\BookingBoard
2008-02-22 19:35 --------- d-----w C:\Program Files\Acoustica CD Label Maker
2008-02-22 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 16:29 --------- d-----w C:\Documents and Settings\robert\Application Data\Netscape
2008-02-18 12:27 --------- d-----w C:\Documents and Settings\robert\Application Data\Grisoft
2008-02-18 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 22:26 --------- d-----w C:\Program Files\IncrediMail
2008-02-17 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 00:46 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-15 03:19 164 ----a-w C:\install.dat
2008-02-08 15:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 15:43 --------- d-----w C:\Program Files\Creative
2008-01-30 15:38 --------- d-----w C:\Documents and Settings\robert\Application Data\SmartDraw
2006-02-23 22:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2003-11-22 21:49 1 -c--a-w C:\Documents and Settings\robert\scrcfg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 08:52 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-03 16:04 214456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"SoundMan"="SOUNDMAN.EXE" [2003-05-13 18:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 00:41 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-05 20:32 77824]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 18:19 40960]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 00:00 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50 33792]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 19:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 13:22 26248]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"!AVG Anti-Spyware"="C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-26 18:26 21660]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"XKzCRxfxYt"= C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KernelRunOnce"= {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll [2008-03-26 18:26 14378]
"zip"= {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll [2008-03-26 18:26 23198]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Documents and Settings\\robert\\My Documents\\My Received Files\\IziSpot 3\\IziSpot.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-20 17:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 15:00:01 C:\WINDOWS\Tasks\AB8E033691F5BF8A.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-03-27 15:00:02 C:\WINDOWS\Tasks\AE5D636E91CAE24E.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-03-27 15:00:02 C:\WINDOWS\Tasks\AEFBD04A91804086.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-03-22 00:00:40 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - robert.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-27 15:16:32 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 11:49:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-27 11:59:35
ComboFix-quarantined-files.txt 2008-03-27 15:59:28
Pre-Run: 18,877,583,360 bytes free
Post-Run: 18,874,888,192 bytes free
.
2008-03-12 12:04:06 --- E O F ---


Maintenant pouvez vous me dire quoi faire ?

ok, j'ai fait « do a scan only» et coché les cases devant les lignes que tu m'as indiqué.

Voici le nouveau rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:43, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Samsung ML-2010 Series\CommonSM\CommonSM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

jlpjlp,

De plus, j'ai toujours cette fenêtre qui apparaît qui dit:

The application has failed ti start beacause MCF71U.DLL was not found. Re-Installing the application may fix the problem...

Peux-tu m'aider a retirer cette fenêtre aussi en ^même temps que l'autre: lucallbackproxy.exe


Merci à l'avance

Bon matin jlpjlp,

J'ai Relancer un Hijacthis et coché et fix checked.

J'ai fait un Otmoit et lancer supressions de la citation.

J'ai aussi lancé le logiciel pour le MCF71U.DLL Cependant, 993 fichier a été détecté et seulement 15 ont été réparer gratuitement, ça m'indique de payé pour le reste.....Que faire ?

Voici le rapport de combofix:

ComboFix 08-03-26.1 - robert 2008-03-29 8:00:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.361 [GMT -4:00]
Running from: C:\Documents and Settings\robert\Desktop\OUTILS PC\Killbeagle.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.
TimedOut: progfile.dat
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"
SED "/32\\[0-9]*\\insatll.~tmp/I!d"
VFind -tf "C:\WINDOWS\system32\insatll.~tmp"
Findstr -MIF:/ sursen
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 06:31 . 2008-03-29 06:31 <DIR> d-------- C:\Program Files\Uniblue
2008-03-29 06:31 . 2008-03-29 06:31 <DIR> d-------- C:\Documents and Settings\robert\Application Data\Uniblue
2008-03-28 08:58 . 2008-03-28 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-03-27 15:51 . 2008-03-28 06:15 <DIR> d-------- C:\Program Files\Lopxp
2008-03-27 15:18 . 2008-03-27 15:18 <DIR> d-------- C:\Documents and Settings\robert\Application Data\Malwarebytes
2008-03-27 15:17 . 2008-03-27 20:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 15:17 . 2008-03-27 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-27 11:23 . 2008-03-27 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 20:54 . 2008-03-27 13:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 20:54 . 2008-03-27 12:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-25 11:06 . 2008-03-25 11:12 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-03-23 14:46 . 2008-03-23 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-10 16:45 . 2008-03-10 16:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 16:45 . 2008-03-10 16:45 2,548 --a------ C:\WINDOWS\unins000.dat
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Program Files\Benjamin Moore
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Benjamin Moore
2008-03-08 10:50 . 2008-03-08 10:50 <DIR> d-------- C:\Program Files\Room Arranger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-29 11:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 00:21 --------- d-----w C:\Program Files\MSN Messenger
2008-03-27 19:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 17:23 --------- d-----w C:\Program Files\Panda Security
2008-03-27 01:02 --------- d-----w C:\Program Files\ErrorKiller
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\robert\Application Data\PlayFirst
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-23 19:23 --------- d-----w C:\Program Files\IncrediGames
2008-03-19 12:50 --------- d-----w C:\Documents and Settings\robert\Application Data\Canon
2008-03-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 10:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 14:57 --------- d-----w C:\Documents and Settings\robert\Application Data\OpenOffice.org2
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-05 20:26 --------- d-----w C:\Documents and Settings\robert\Application Data\Gamelab
2008-02-28 19:16 69,024 -c--a-w C:\Documents and Settings\robert\Application Data\GDIPFONTCACHEV1.DAT
2008-02-27 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-27 13:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-26 17:43 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 18:38 --------- d-----w C:\Program Files\Incredijeux
2008-02-25 18:30 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-22 19:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-22 19:35 --------- d-----w C:\Program Files\BookingBoard
2008-02-22 19:35 --------- d-----w C:\Program Files\Acoustica CD Label Maker
2008-02-22 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 16:29 --------- d-----w C:\Documents and Settings\robert\Application Data\Netscape
2008-02-18 12:27 --------- d-----w C:\Documents and Settings\robert\Application Data\Grisoft
2008-02-18 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 22:26 --------- d-----w C:\Program Files\IncrediMail
2008-02-17 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 00:46 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-15 03:19 164 ----a-w C:\install.dat
2008-02-08 15:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 15:43 --------- d-----w C:\Program Files\Creative
2008-01-30 15:38 --------- d-----w C:\Documents and Settings\robert\Application Data\SmartDraw
2006-02-23 22:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2003-11-22 21:49 1 -c--a-w C:\Documents and Settings\robert\scrcfg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 08:52 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-03 16:04 214456]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 15:51 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 00:41 94208]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 18:19 40960]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 00:00 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50 33792]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 19:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 13:22 26248]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"!AVG Anti-Spyware"="C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Documents and Settings\\robert\\My Documents\\My Received Files\\IziSpot 3\\IziSpot.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-20 17:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 00:06:12 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - robert.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-29 11:32:40 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 08:07:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-29 8:14:03
ComboFix-quarantined-files.txt 2008-03-29 12:14:00
Pre-Run: 24,214,421,504 bytes free
Post-Run: 24,203,825,152 bytes free
.
2008-03-12 12:04:06 --- E O F ---

Voici le nouveau rapport de Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:47, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe