
Hello, my computer is also running slowly.
Here is my HijackThis report.
Thanks for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:57, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\MATCO\BuzzSawService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsi52.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\propriétaire\local settings\temp\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Buzzsaw_Defragmentation - SpyderComm, Inc. - C:\Program Files\MATCO\BuzzSawService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12147 bytes
Hi,
Go to Add/Remove Programs and uninstall WebHancer.
Run HijackThis again and check these lines:
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsi52.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
--> click Fix checked
Download ComboFix by sUBs: combofix.exe
and save it to your desktop, nowhere else!
Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm.
Wait until ComboFix has finished; a report will be created. Post the report.
Copy/paste a new HijackThis report along with it.
Hello,
Just dropping by...
Malekal ===>
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
ComboFix 07-10-29.1 - Propriétaire 2007-10-29 15:20:41.1 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsi52.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.
2007-10-29 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 14:16 <REP> d-------- G:\Program Files\Java
2007-10-29 10:23 <REP> d-------- C:\WINDOWS\Sun
2007-10-29 08:52 <REP> d-------- G:\Program Files\Trend Micro
2007-10-29 00:44 <REP> d-------- C:\WINDOWS\avxoscan
2007-10-29 00:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-29 00:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-29 00:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-29 00:35 <REP> d-------- G:\Program Files\Panda Security
2007-10-29 00:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-29 00:05 <REP> d-------- G:\Program Files\microsoft frontpage
2007-10-28 22:41 <REP> d-------- C:\Documents and Settings\Propriétaire\SecurityScans
2007-10-28 22:41 <REP> d-------- C:\Documents and Settings\Propriétaire\SecurityScans
2007-10-28 20:54 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-10-28 10:43 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-28 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-26 18:37 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Petroglyph
2007-10-26 18:37 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Petroglyph
2007-10-26 09:37 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-10-26 09:36 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-10-26 09:36 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-10-26 09:36 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-10-26 09:36 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-10-26 09:36 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-10-26 09:36 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-10-26 08:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\WinButler
2007-10-26 08:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\WinButler
2007-10-26 07:11 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-24 15:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Shareaza
2007-10-24 15:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Shareaza
2007-10-23 13:37 46,592 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-10-23 08:59 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar
2007-10-23 08:59 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar
2007-10-23 08:59 79,877 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-10-23 08:59 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-10-23 08:56 69,632 --a------ C:\WINDOWS\uinst001.exe
2007-10-23 08:46 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2007-10-23 08:43 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-20 11:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Talkback
2007-10-20 11:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Talkback
2007-10-19 16:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-19 12:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ATI
2007-10-19 12:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ATI
2007-10-19 12:27 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2007-10-19 12:27 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2007-10-19 12:26 <REP> d-------- C:\WINDOWS\system32\Adobe
2007-10-19 12:26 <REP> d-------- C:\WINDOWS\Profiles
2007-10-19 12:26 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-19 12:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterTrust
2007-10-19 12:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterTrust
2007-10-19 12:18 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Motive
2007-10-19 12:18 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Motive
2007-10-19 11:57 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-19 11:57 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-19 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-19 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-19 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-19 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-19 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-19 11:57 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-19 11:56 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-19 11:52 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-19 11:43 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-19 10:56 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ahead
2007-10-19 10:56 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ahead
2007-10-19 10:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-10-19 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-19 10:49 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-19 10:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Template
2007-10-19 10:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Template
2007-10-19 10:39 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-10-19 09:49 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-10-19 09:49 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-10-19 09:49 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-10-19 09:46 <REP> d-------- C:\WINDOWS\provisioning
2007-10-19 09:46 <REP> d-------- C:\WINDOWS\peernet
2007-10-19 09:44 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-19 09:35 <REP> d-------- C:\WINDOWS\EHome
2007-10-19 07:21 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-19 07:21 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-19 06:07 245 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-10-19 06:05 <REP> d-------- C:\WINDOWS\I386
2007-10-19 06:00 <REP> dr------- C:\Program Files
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Mes documents
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Mes documents
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Favoris
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Favoris
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\All Users\Documents
2007-10-19 05:59 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-10-19 05:59 <REP> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2007-10-18 23:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-18 23:48 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-10-18 23:48 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-10-18 23:48 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-10-18 23:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-10-18 23:42 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-18 21:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-18 21:17 3,500 --sha-r C:\WINDOWS\system32\drivers\HP_PC000A-ABF S7290FR FR420_YC_Pres_QCZB417_E42FRheREF2_4_IMS-6575_SMICRO-STAR INTERNATIONAL CO., LTD_V3.10_B3.06_T031016_W1_L40C_M512_J120_7Intel_8Pentium 4_92,8_110397007_N10390900_P_Z14F12F00_K_A_U10397001_G.MRK
2007-10-18 21:14 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-10-18 19:22 --------- d-----w G:\Program Files\SolSuite
2007-10-07 17:34 2,639 ----a-w G:\Program Files\Modeler.cfg
2007-10-07 17:32 339 ----a-w G:\Program Files\3d.cfg
2007-10-07 17:31 916 ----a-w G:\Program Files\$.g2d
2007-10-07 17:31 57 ----a-w G:\Program Files\CTRL3D.DAT
2007-10-07 17:31 5,416 ----a-w G:\Program Files\$.f1
2007-10-07 17:29 8,628 ---ha-w G:\Program Files\myhwin.GID
2007-09-30 19:27 --------- d-----w G:\Program Files\Works
2007-09-30 05:48 823 ----a-w G:\Program Files\$.m3d
2007-09-22 06:32 --------- d-----w G:\Program Files\lib
2007-09-22 06:28 61,640 ----a-w G:\Program Files\Uninst.isu
2007-09-22 06:28 --------- d-----w G:\Program Files\project
2007-08-28 17:25 --------- d-----w G:\Program Files\123 Free Solitaire
2007-01-18 13:37 5,239,808 ----a-w G:\Program Files\MYHOUSE.EXE
2006-06-07 14:50 974,336 ----a-w G:\Program Files\MOD3D.EXE
2005-10-28 13:27 671,744 ----a-w G:\Program Files\RAYTRACE.EXE
2005-10-26 14:25 1,285,120 ----a-w G:\Program Files\MYH3D.EXE
2005-10-07 10:06 17,197 ----a-w G:\Program Files\GL3D2.LNG
2005-09-15 11:14 183,564 ----a-w G:\Program Files\MYHWIN.HLP
2005-07-21 12:51 43,733 ----a-w G:\Program Files\MYH3D.HLP
2004-10-21 16:36 44,432 ----a-w G:\Program Files\MODWIN.HLP
2004-09-03 16:30 33 ----a-w G:\Program Files\VERSION.NFO
2004-09-03 16:30 328 ----a-w G:\Program Files\README.TXT
2004-05-25 16:50 924,160 ----a-w G:\Program Files\MODELER.EXE
2004-05-20 17:24 362,496 ----a-w G:\Program Files\MODLIB.DLL
2004-05-20 16:45 382,464 ----a-w G:\Program Files\INSTALL.DLL
2002-08-23 12:17 87,552 ----a-w G:\Program Files\HIDDENLN.DLL
2002-01-09 11:01 436,736 ----a-w G:\Program Files\SETOP.DLL
2001-09-24 12:12 182,785 ----a-w G:\Program Files\RAYTRACE.HLP
2001-01-21 14:11 4 ----a-w G:\Program Files\LICENSE.DAT
2000-04-09 00:04 73,728 ----a-w G:\Program Files\GENQTVR.DLL
1999-09-13 14:40 41 ----a-w G:\Program Files\NIGHT.CLF
1999-09-09 01:30 37 ----a-w G:\Program Files\CLOUD1.CLF
1998-06-17 07:22 187,392 ----a-w G:\Program Files\LPNG.DLL
1997-12-23 08:14 91,648 ----a-w G:\Program Files\GZIP.EXE
1996-10-16 17:43 1,214 ----a-w G:\Program Files\MYHOUSE.HTM
1996-08-23 11:13 21,504 ----a-w G:\Program Files\SCP2AVI.DLL
1995-10-29 16:35 2,354 ----a-w G:\Program Files\MHOOK.DLL
1994-11-06 11:35 9,803 ----a-w G:\Program Files\PARSE.DAT
1993-07-12 16:17 768 ----a-w G:\Program Files\ACDPALET.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
2007-10-23 13:37 46592 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41C29B07-6F91-4966-91BE-2E2841643C83}"= C:\Program Files\Adssite Advanced Toolbar\toolbar.dll [2007-08-30 13:24 561152]
[HKEY_CLASSES_ROOT\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:57]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"="VTTimer.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 19:13]
"C-Media Mixer"="Mixer.exe" [2003-04-06 10:39 C:\WINDOWS\mixer.exe]
"CmPCIaudio"="CMICNFG3.CPL" []
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 22:43]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe" [2006-09-26 01:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"Trickler"="c:\documents and settings\propriétaire\local settings\temp\gain_trickler_3202.exe" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"TRIXX"="C:\Program Files\TRIXX\TRIXX.exe" [2005-08-16 12:18]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 00:07]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-10-23 13:37]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2007-10-24 13:55]
"OFFICEKB"="C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe" [2007-10-24 13:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"AOL Dialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe" [2007-06-21 11:01]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 11:42]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 18:05]
"WinButler"="C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe" [2007-10-25 15:55]
"SfKg6wIPu"="C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe" [2007-10-25 16:39]
"AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.exe" [2007-06-21 12:44]
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-06-01 06:00:00]
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-06-01 06:00:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Barre d'état système d'ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 00:07:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
R1 TRIXX;TRIXX;\??\C:\Program Files\TRIXX\TRIXXDriver.sys
R2 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;C:\Program Files\MATCO\BuzzSawService.exe
R3 cmuda3;C-Media PCI Audio Interface;C:\WINDOWS\system32\drivers\cmuda3.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 jbridgep;jbridgep;\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\jbridgep.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-18 21:16:40 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 15:28:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-29 15:32:21 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:45, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\MATCO\BuzzSawService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\propriétaire\local settings\temp\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Buzzsaw_Defragmentation - SpyderComm, Inc. - C:\Program Files\MATCO\BuzzSawService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11484 bytes
Hageaxx wrote:
Hello,
Just passing through...
Yes, but look at the latest HijackThis report
Run HijackThis again and check these lines:
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\propriétaire\local settings\temp\gain_trickler_3202.exe"
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
--> click on Fix checked
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\system32\gzmrotate.dll
c:\documents and settings\propriétaire\local settings\temp\gain_trickler_3202.exe
C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
Folder::
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Propriétaire\Application Data\WinButler
C:\Documents and Settings\Propriétaire\SecurityScans
Save this file under the name CFScript
Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1, then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems
If the file does not open, it can be found here > C:\ComboFix.txt
Post a new HijackThis report.
ComboFix 07-10-29.1 - Propriétaire 2007-10-29 16:28:26.2 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
FILE::
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
c:\documents and settings\propriétaire\local settings\temp\gain_trickler_3202.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\rightonadz-uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayio.exe
C:\Documents and Settings\Propriétaire\Application Data\WinButler
C:\Documents and Settings\Propriétaire\Application Data\WinButler\config.cfg
C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinBuninstaller.exe
C:\Documents and Settings\Propriétaire\Application Data\WinButler\WinButler.exe
C:\Documents and Settings\Propriétaire\SecurityScans
C:\Documents and Settings\Propriétaire\SecurityScans\Config\CurrScanSet.xml
C:\Documents and Settings\Propriétaire\SecurityScans\Config\CurrTemplate
C:\Documents and Settings\Propriétaire\SecurityScans\Config\errors.xml
C:\Documents and Settings\Propriétaire\SecurityScans\Config\mru.xml
C:\Documents and Settings\Propriétaire\SecurityScans\WORKGROUP - MAISON (28-10-2007 22-45).xml
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\rightonadz-uninst.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.
2007-10-29 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 14:16 <REP> d-------- G:\Program Files\Java
2007-10-29 10:23 <REP> d-------- C:\WINDOWS\Sun
2007-10-29 08:52 <REP> d-------- G:\Program Files\Trend Micro
2007-10-29 00:44 <REP> d-------- C:\WINDOWS\avxoscan
2007-10-29 00:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-29 00:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-29 00:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-29 00:35 <REP> d-------- G:\Program Files\Panda Security
2007-10-29 00:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-29 00:05 <REP> d-------- G:\Program Files\microsoft frontpage
2007-10-28 20:54 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-10-28 10:43 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-28 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-26 18:37 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Petroglyph
2007-10-26 18:37 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Petroglyph
2007-10-26 09:37 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-10-26 09:36 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-10-26 09:36 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-10-26 09:36 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-10-26 09:36 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-10-26 09:36 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-10-26 09:36 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-10-26 07:11 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-24 15:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Shareaza
2007-10-24 15:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Shareaza
2007-10-23 08:56 69,632 --a------ C:\WINDOWS\uinst001.exe
2007-10-23 08:46 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2007-10-23 08:43 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-20 11:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Talkback
2007-10-20 11:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Talkback
2007-10-19 16:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-19 12:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ATI
2007-10-19 12:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ATI
2007-10-19 12:27 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2007-10-19 12:27 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2007-10-19 12:26 <REP> d-------- C:\WINDOWS\system32\Adobe
2007-10-19 12:26 <REP> d-------- C:\WINDOWS\Profiles
2007-10-19 12:26 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-19 12:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterTrust
2007-10-19 12:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterTrust
2007-10-19 12:18 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Motive
2007-10-19 12:18 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Motive
2007-10-19 11:57 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-19 11:57 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-19 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-19 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-19 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-19 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-19 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-19 11:57 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-19 11:56 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-19 11:52 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-19 11:43 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-19 10:56 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ahead
2007-10-19 10:56 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ahead
2007-10-19 10:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-10-19 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-19 10:49 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-19 10:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Template
2007-10-19 10:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Template
2007-10-19 10:39 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-10-19 09:49 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-10-19 09:49 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-10-19 09:49 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-10-19 09:46 <REP> d-------- C:\WINDOWS\provisioning
2007-10-19 09:46 <REP> d-------- C:\WINDOWS\peernet
2007-10-19 09:44 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-19 09:35 <REP> d-------- C:\WINDOWS\EHome
2007-10-19 07:21 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-19 07:21 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-19 06:07 245 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-10-19 06:05 <REP> d-------- C:\WINDOWS\I386
2007-10-19 06:00 <REP> dr------- C:\Program Files
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Mes documents
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Mes documents
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Favoris
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Propriétaire\Favoris
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2007-10-19 06:00 <REP> dr------- C:\Documents and Settings\All Users\Documents
2007-10-19 05:59 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-10-19 05:59 <REP> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2007-10-18 23:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-18 23:48 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-10-18 23:48 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-10-18 23:48 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-10-18 23:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-10-18 23:42 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
2007-10-18 23:35 <REP> d--hs---- C:\Documents and Settings\Propriétaire\UserData
2007-10-18 23:35 <REP> d--hs---- C:\Documents and Settings\Propriétaire\UserData
2007-10-18 23:31 <REP> d-------- C:\WINDOWS\system32\bits
2007-10-18 23:30 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-10-18 23:30 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-18 23:22 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-18 23:22 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-18 23:15 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-10-18 23:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-18 21:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-18 21:17 3,500 --sha-r C:\WINDOWS\system32\drivers\HP_PC000A-ABF S7290FR FR420_YC_Pres_QCZB417_E42FRheREF2_4_IMS-6575_SMICRO-STAR INTERNATIONAL CO., LTD_V3.10_B3.06_T031016_W1_L40C_M512_J120_7Intel_8Pentium 4_92,8_110397007_N10390900_P_Z14F12F00_K_A_U10397001_G.MRK
2007-10-18 21:14 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-10-18 19:22 --------- d-----w G:\Program Files\SolSuite
2007-10-07 17:34 2,639 ----a-w G:\Program Files\Modeler.cfg
2007-10-07 17:32 339 ----a-w G:\Program Files\3d.cfg
2007-10-07 17:31 916 ----a-w G:\Program Files\$.g2d
2007-10-07 17:31 57 ----a-w G:\Program Files\CTRL3D.DAT
2007-10-07 17:31 5,416 ----a-w G:\Program Files\$.f1
2007-10-07 17:29 8,628 ---ha-w G:\Program Files\myhwin.GID
2007-09-30 19:27 --------- d-----w G:\Program Files\Works
2007-09-30 05:48 823 ----a-w G:\Program Files\$.m3d
2007-09-22 06:32 --------- d-----w G:\Program Files\lib
2007-09-22 06:28 61,640 ----a-w G:\Program Files\Uninst.isu
2007-09-22 06:28 --------- d-----w G:\Program Files\project
2007-08-28 17:25 --------- d-----w G:\Program Files\123 Free Solitaire
2007-01-18 13:37 5,239,808 ----a-w G:\Program Files\MYHOUSE.EXE
2006-06-07 14:50 974,336 ----a-w G:\Program Files\MOD3D.EXE
2005-10-28 13:27 671,744 ----a-w G:\Program Files\RAYTRACE.EXE
2005-10-26 14:25 1,285,120 ----a-w G:\Program Files\MYH3D.EXE
2005-10-07 10:06 17,197 ----a-w G:\Program Files\GL3D2.LNG
2005-09-15 11:14 183,564 ----a-w G:\Program Files\MYHWIN.HLP
2005-07-21 12:51 43,733 ----a-w G:\Program Files\MYH3D.HLP
2004-10-21 16:36 44,432 ----a-w G:\Program Files\MODWIN.HLP
2004-09-03 16:30 33 ----a-w G:\Program Files\VERSION.NFO
2004-09-03 16:30 328 ----a-w G:\Program Files\README.TXT
2004-05-25 16:50 924,160 ----a-w G:\Program Files\MODELER.EXE
2004-05-20 17:24 362,496 ----a-w G:\Program Files\MODLIB.DLL
2004-05-20 16:45 382,464 ----a-w G:\Program Files\INSTALL.DLL
2002-08-23 12:17 87,552 ----a-w G:\Program Files\HIDDENLN.DLL
2002-01-09 11:01 436,736 ----a-w G:\Program Files\SETOP.DLL
2001-09-24 12:12 182,785 ----a-w G:\Program Files\RAYTRACE.HLP
2001-01-21 14:11 4 ----a-w G:\Program Files\LICENSE.DAT
2000-04-09 00:04 73,728 ----a-w G:\Program Files\GENQTVR.DLL
1999-09-13 14:40 41 ----a-w G:\Program Files\NIGHT.CLF
1999-09-09 01:30 37 ----a-w G:\Program Files\CLOUD1.CLF
1998-06-17 07:22 187,392 ----a-w G:\Program Files\LPNG.DLL
1997-12-23 08:14 91,648 ----a-w G:\Program Files\GZIP.EXE
1996-10-16 17:43 1,214 ----a-w G:\Program Files\MYHOUSE.HTM
1996-08-23 11:13 21,504 ----a-w G:\Program Files\SCP2AVI.DLL
1995-10-29 16:35 2,354 ----a-w G:\Program Files\MHOOK.DLL
1994-11-06 11:35 9,803 ----a-w G:\Program Files\PARSE.DAT
1993-07-12 16:17 768 ----a-w G:\Program Files\ACDPALET.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:57]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"="VTTimer.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 19:13]
"C-Media Mixer"="Mixer.exe" [2003-04-06 10:39 C:\WINDOWS\mixer.exe]
"CmPCIaudio"="CMICNFG3.CPL" []
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 22:43]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe" [2006-09-26 01:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"TRIXX"="C:\Program Files\TRIXX\TRIXX.exe" [2005-08-16 12:18]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 00:07]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2007-10-24 13:55]
"OFFICEKB"="C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe" [2007-10-24 13:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"AOL Dialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe" [2007-06-21 11:01]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 11:42]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 18:05]
"AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.exe" [2007-06-21 12:44]
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-06-01 06:00:00]
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-06-01 06:00:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Barre d'état système d'ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 00:07:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
R1 TRIXX;TRIXX;\??\C:\Program Files\TRIXX\TRIXXDriver.sys
R2 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;C:\Program Files\MATCO\BuzzSawService.exe
R3 cmuda3;C-Media PCI Audio Interface;C:\WINDOWS\system32\drivers\cmuda3.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 jbridgep;jbridgep;\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\jbridgep.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-18 21:16:40 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 16:42:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-29 16:45:36 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-29 15:32
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:56, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\MATCO\BuzzSawService.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1192741679\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Buzzsaw_Defragmentation - SpyderComm, Inc. - C:\Program Files\MATCO\BuzzSawService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10596 bytes
|
|
|
|
|
It's a bit better, but when I try to open certain folders and then subfolders, such as My Music for example: no response, and I no longer have anything on my desktop, only the wallpaper.
|
|
|
|
|
http://forum.malekal.com/ftopic3123.php
In my opinion, Antivir is much more effective, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir in its place (this is not mandatory): http://www.malekal.com/tutorial_antivir.php
To help you, you can follow this link: http://forum.malekal.com/ftopic4192.php
- After installation, update it; if your firewall raises an alert, accept the connection.
- Make sure Antivir is fully up to date; check the update date.
- Restart in safe mode: to do so, restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear; choose Safe Mode and press the Enter key on the keyboard.
- Open Antivir from the Start / Programs menu.
- Click the Scanner tab.
- Select Manual Selection.
- Select drive C.
- Start the scan - Quarantine all detected items.
- Once the scan is finished, save the report.
Restart in normal mode.
Post the report here.
|
|
|
|
|
AntiVir PersonalEdition Classic
Report file date: lundi 29 octobre 2007 19:35
Scanning for 908208 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: MAISON
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 18:22:24
ANTIVIR3.VDF : 7.0.0.151 58368 Bytes 29/10/2007 18:22:24
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 29/10/2007 18:22:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: g:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 29 octobre 2007 19:35
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '43' files ).
Starting the file scan:
Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
[DETECTION] Is the Trojan horse TR/BHO.IEBar.A
[INFO] The file was moved to '479529a7.qua'!
C:\Program Files\MUSK Codec Pack v5\5.1\5.1.exe
[DETECTION] Contains detection pattern of the dropper DR/Gator.3202
[INFO] The file was moved to '47572e70.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\Propriétaire\Application Data\WinButler\WinBuninstaller.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dwe
[INFO] The file was moved to '47943006.qua'!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'G:\'
G:\Mes fichiers reçus\Nath\Programmes\jeux\Raimbow\Sugar.Games.Universal.Crack-FaNtAsY.exe
[DETECTION] Is the Trojan horse TR/WGAPatch.A.5
[INFO] The file was moved to '478d44af.qua'!
End of the scan: lundi 29 octobre 2007 22:00
Used time: 2:25:27 min
The scan has been done completely.
9706 Scanning directories
569631 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were | | |