Probleme Antivirus 2009 + trojans

ca semble etre beaucoup mieux deja (fin des alertes avast et du téléchargement forcé de l'autre truc).... Merci beaucoup pour les instructions. Voici donc les rapports combofix et hijackthis.

Je reste à l'écoute au cas ou d'autres manip seraient a effectuer. En tout cas un grand merci déjà !



ComboFix 08-08-19.03 - watashi 2008-08-20 22:43:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.281 [GMT 2:00]
Endroit: D:\Bureau\Bureau\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\services.exe
C:\Users\watashi\AppData\Roaming\rhcpwtj0e1ag
C:\Windows\system32\aiawcnuw.dll
C:\Windows\system32\fcccbcbB.dll
C:\WINDOWS\System32\HgPrrqss.ini
C:\WINDOWS\System32\HgPrrqss.ini2
C:\Windows\system32\hGVPfEuu.dll
C:\Windows\system32\huujre.dll
C:\Windows\system32\knhyukdl.dll
C:\Windows\system32\lphctwtj0e1ag.exe
C:\WINDOWS\System32\nykpjeqs.ini
C:\Windows\system32\phctwtj0e1ag.bmp
C:\Windows\system32\pphctwtj0e1ag.exe
C:\Windows\system32\sqejpkyn.dll
C:\Windows\system32\ssqrrPgH.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 21:39 . 2008-08-20 22:15 <REP> d-------- C:\Program Files\a-squared Free
2008-08-20 18:43 . 2008-08-20 18:43 <REP> d-------- C:\Program Files\Trend Micro
2008-08-20 18:43 . 2008-08-20 21:05 <REP> d-------- C:\hijackthis
2008-08-20 17:48 . 2008-08-20 17:48 79 --a------ C:\390.bat
2008-08-20 17:07 . 2008-08-20 17:14 <REP> d-------- C:\Users\watashi\AppData\Roaming\Wallpaper
2008-08-20 17:07 . 2008-08-20 17:07 <REP> d-------- C:\Program Files\Wallpaper
2008-08-19 13:50 . 2008-07-19 07:09 1,811,656 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-08-19 13:50 . 2008-07-19 05:44 1,524,736 --a------ C:\WINDOWS\System32\wucltux.dll
2008-08-19 13:50 . 2008-07-19 05:44 83,456 --a------ C:\WINDOWS\System32\wudriver.dll
2008-08-19 13:50 . 2008-07-19 07:10 53,448 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-08-19 13:50 . 2008-07-19 07:10 45,768 --a------ C:\WINDOWS\System32\wups2.dll
2008-08-19 13:50 . 2008-07-19 07:10 36,552 --a------ C:\WINDOWS\System32\wups.dll
2008-08-19 13:49 . 2008-07-19 07:09 563,912 --a------ C:\WINDOWS\System32\wuapi.dll
2008-08-19 13:49 . 2008-07-18 22:08 163,904 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-08-19 13:49 . 2008-07-18 20:44 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-08-13 20:34 . 2008-08-13 20:34 <REP> d-------- C:\Program Files\Bonjour
2008-08-13 20:26 . 2008-08-13 20:26 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-13 10:30 . 2008-07-16 03:32 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-08-13 10:13 . 2008-06-27 03:55 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-08-13 10:13 . 2008-06-27 06:15 827,392 --a------ C:\WINDOWS\System32\wininet.dll
2008-08-13 09:28 . 2008-06-19 05:31 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-08-13 09:07 . 2008-04-18 07:48 269,312 --a------ C:\WINDOWS\System32\es.dll
2008-08-13 08:45 . 2008-04-10 07:12 738,304 --a------ C:\WINDOWS\System32\inetcomm.dll
2008-08-11 13:31 . 2008-08-11 13:33 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
2008-08-10 21:38 . 2008-08-10 21:38 <REP> d-------- C:\Program Files\eMule
2008-08-05 13:14 . 2008-08-05 13:14 <REP> d-------- C:\Program Files\VirtualDubMOD
2008-07-30 21:47 . 2008-07-30 21:47 <REP> d-------- C:\Program Files\URUSoft
2008-07-24 15:57 . 2008-07-24 15:57 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-07-24 15:57 . 2008-07-24 15:57 <REP> d-------- C:\ProgramData\WindowsSearch
2008-07-24 15:04 . 2008-07-24 15:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-24 14:03 . 2008-08-10 21:39 <REP> d-------- C:\Users\All Users\eMule
2008-07-24 14:03 . 2008-08-10 21:39 <REP> d-------- C:\ProgramData\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 20:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-20 17:05 --------- d-----w C:\Program Files\Stardock
2008-08-20 16:31 --------- d-----w C:\Users\watashi\AppData\Roaming\uTorrent
2008-08-20 14:49 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-19 13:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-13 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-13 15:01 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 08:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-24 13:00 --------- d-----w C:\Program Files\Gabest
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-12 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 18:51 --------- d-----w C:\Program Files\SAGEM
2008-07-12 18:50 --------- d-----w C:\Users\watashi\AppData\Roaming\InstallShield
2008-07-11 19:20 --------- d--h--w C:\ProgramData\CanonBJ
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-08 15:27 174 --sha-w C:\Program Files\desktop.ini
2008-06-08 13:41 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-08 13:41 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-06 13:50 57,762 ----a-w C:\Program Files\howto.chm
2008-06-06 13:50 568 ----a-w C:\Program Files\fpsectbl
2008-06-06 13:50 56,721 ----a-w C:\Program Files\realplay.chm
2008-06-06 13:50 119,808 ----a-w C:\Program Files\waiting.avi
2008-06-06 13:50 11,444 ----a-w C:\Program Files\frw.bmp
2008-06-06 13:50 1,209 ----a-w C:\Program Files\flvplay.swf
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2007-09-20 13:09 0 ----a-w C:\Users\watashi\AppData\Roaming\wklnhst.dat
2007-04-11 17:05 42,878 ----a-w C:\Program Files\Photoshop CS3 — Lisez-moi.html
2007-11-07 10:56 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-06 14:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-06 14:09 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-06 14:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-08-21 01:27 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 22:57 159744]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-02-16 02:08 172032]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 00:22 185896]

C:\Users\watashi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-20 16:49:33 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=huujre.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\ssqrrPgH

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA28DEFC-5B64-48B9-8AB4-FCA7274D4BDB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{58548536-B69C-49F1-96FB-4097FB23F586}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{7EFF222C-E57B-4E88-A5DF-CE7E7269DB42}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1003B2E6-6BF1-4E2E-A255-4CFB6EDD6646}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{54262A41-8173-4092-B453-715FB88EC122}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B61EB31D-9C30-4B54-BE9C-7739B4BC109F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7A054E8D-C92B-4E78-9456-0AC1F8B6C21C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7B4EBD22-17EF-492D-B530-345008586981}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B42FEB5C-A4F3-4F19-95DE-2A3C5D60391D}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{67D42722-5DD5-4424-86B3-C291E12A7639}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{FA208312-678C-496D-95FE-D31346398CBF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{250C669D-F691-443C-A82E-76AF305919A7}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{85D764E2-D353-413E-9512-169CB2663035}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{70FC0AA5-6F94-4BE7-8AF8-D9AA2A747547}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{B70F23AD-A841-4AAA-A110-7F0E0CABC6E7}"= UDP:2869:S
"{7D6C7EE6-B37C-498A-9072-0039A15293BF}"= TCP:1900:C
"{594F4613-6374-4C8E-93E6-A003555617B3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{00761E38-8CBF-47AA-94B9-19BBD3C68A89}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{44F5D295-06E4-4EEF-AD7A-8A33C34C2B94}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{B96F07C8-C9C5-4223-BEC0-CB70C6C4EA75}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{E3304E49-BB76-42BB-978A-854C23BBBA07}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{DACCD282-63AA-47AC-B582-DA7768EB4501}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{2A0C93E2-8AD6-4845-9166-E837B8DF3636}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{83B97227-FC0C-4EE0-AD7D-43A5B1D7B20D}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{BE7188DB-E24D-427A-BDA2-C68B71C47524}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{3B7C9FAA-CA16-4212-942D-1D3714BA6D0F}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{71FA9663-291E-42B8-8CFB-7B0998087FD6}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{437CCDC8-1B58-4BF2-ACCA-8382709D53B7}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"{8ECBF270-D686-47FE-8626-B9512ACF133C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2511536C-D762-481A-947A-5C9247827638}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{066B6291-FBD4-40EE-8D8F-30103CC26B55}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EA52D6A-B43B-4D62-AC6E-B0F3E480F5BC}"= UDP:44729:utorrent 1
"{72BC6061-193F-42B9-9380-C9239B41E54B}"= TCP:44729:utorrent 2
"{C32A952C-A97A-4EF0-B988-FD3B27B37852}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9FBC8163-25CC-48B0-B140-86A540D10865}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E08EF6CD-E03B-40BD-AD7A-378AC8A24AB1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A1EE5491-60CA-4BD9-BE81-7BA7345FDBBC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{638961B4-0F1C-4DE6-9310-ED029FE4E8D9}C:\\users\\watashi\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\watashi\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{110D4792-F909-49BF-B2BB-6B591942EF49}C:\\users\\watashi\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\watashi\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
S3 DTVFW;DVB-T USB adapter firmware;C:\Windows\system32\DRIVERS\dtvfw.sys [2005-11-30 11:51]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MSServer - C:\Windows\system32\fcccbcbB.dll
HKLM-Run-lphctwtj0e1ag - C:\Windows\system32\lphctwtj0e1ag.exe
HKLM-Run-SMrhcpwtj0e1ag - C:\Program Files\rhcpwtj0e1ag\rhcpwtj0e1ag.exe
HKLM-Run-a0a03950 - C:\Windows\system32\sqejpkyn.dll
HKLM-Run-BMa3930acc - C:\Windows\system32\aiawcnuw.dll
ShellExecuteHooks-{2935C200-7E7D-4257-B9D4-EE75BAA206C9} - C:\Windows\system32\fcccbcbB.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\watashi\AppData\Roaming\Mozilla\Firefox\Profiles\engkcfqz.default\
.
.
------- File Associations (Beta) -------
.
VBEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
vbefile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
vbsfile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
jsefile\shell\open\command=%SystemRoot%\System32\WScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 22:51:04
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 22:58:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 20:57:37

Pre-Run: 14,129,651,712 octets libres
Post-Run: 13,992,460,288 octets libres

280 --- E O F --- 2008-08-20 11:28:27











et l'autre (hijackthis)















Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:16, on 20/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.23.16.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: huujre.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

voici le rapport... Je désinstalle avec l'outil suppression de programme de windows les autres programmes (car il n'a trouvé que Hijackyhis.

Merci énormément...

A la prochaine (dans un autre contexte que celui la !!) peut etre !




- Recherche:

C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\hijackthis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\watashi\Desktop\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\hijackthis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\watashi\Desktop\HijackThis.lnk: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: Erreur de suppression !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Corbeille vidée!