The thread « Gros problemes Winfixer et autres :( » is in the forum « Virus, troyens, etc... »

Big problems with Winfixer and others :(

16 May at 15:07

Hello,

I have a big problem with this kind of advertisement that pops up as soon as I connect with IE! They slow down the loading of web pages or don't display them at all!

I play online and have no problem there! It only happens as soon as I open IE.

I scanned with Avast, Ad-Aware and Spybot but nothing helps.

I ran HijackThis but I don't understand any of it either:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56, on 2008-05-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?source=fhig
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_90.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-4b9eaffecce77db1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/frw/games3.cab?fgiocv=1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://212.239.40.78/cdo/fr/game.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Filter hijack: text/html - {64BEFB91-ED4D-47E8-AC20-6403CC53E864} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8417 bytes



16 May at 15:19

hello

well, infections we haven't seen for a long time
thanks ==> Avast, Ad-Aware and Spybot

Download to the desktop
Lspfix

= close your programs
= disconnect from the internet
= double-click Lspfix.exe
= tick I Know what I'm doing
= on the Keep side there are DLLs

= if newdotnet6_90.dll is present

do not touch the others

= select it and press >> to move it to the Remove side
= click Finish
=======
Download and save to the desktop
Combofix

= Double-click Combofix
= Press 1 if asked
= Wait for the tool to close (5-10 min or more if the infection is heavy)
= Copy/paste the report into your reply
A report in C:\Combofix.txt to put in your reply




then

Download to the desktop

Malwarebytes' Anti-Malware

= double-click mbam-setup to start the installation
= Just install without changing anything
= When the program is running ==> tick Perform full scan
= Click Scan
= Optionally untick the drives not to be scanned
= Click Start scan
= At the end of the scan, if an infection is found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove selected

a report opens; copy it and paste it into your reply

then run HijackThis again

(Edited by land3 on 16-05-2008 at 15:21)
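As an added illustration (not part of this thread, and not code from HijackThis or any of the tools named above): a small Python triage script that applies the same reasoning the helper applies by hand to the log posted earlier. It flags the broken Winsock LSP entry (O10, the newdotnet case handled with LSPfix), the text/html filter hijack (O18), Downloaded Program Files controls (O16) fetched from hosts outside an allowlist or from a bare IP address, and orphaned entries whose file is gone. The sample lines are copied from the logs posted in this thread; the allowlist of trusted hosts and the severity ranking are assumptions made for the example.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?source=fhig
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_90.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://212.239.40.78/cdo/fr/game.exe
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Filter hijack: text/html - {64BEFB91-ED4D-47E8-AC20-6403CC53E864} - (no file)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# Hosts from which ActiveX controls (O16 DPF) are expected on this machine.
# Assumed allowlist for the example; a real one is built per environment.
TRUSTED_DPF_HOSTS = {"messenger.zone.msn.com", "fpdownload2.macromedia.com"}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def assess_line(line):
    """Return (severity, [reasons]) for one log line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []

    # O10: Winsock LSP chain. A missing provider DLL breaks every socket on the box.
    if section == "O10":
        if body.startswith("Broken Internet access"):
            reasons.append(("high", "LSP chain references a missing provider DLL; repair the chain"))
        elif body.startswith("Unknown file in Winsock LSP"):
            reasons.append(("low", "LSP DLL not on the scanner's known-good list; verify publisher"))

    # O16: ActiveX controls in Downloaded Program Files, identified by origin URL.
    if section == "O16":
        d = DPF_RE.match(body)
        if d:
            parsed = urlparse(d.group("url"))
            host = parsed.hostname or ""
            if IP_RE.match(host):
                reasons.append(("high", "ActiveX control fetched from a bare IP address"))
            elif host not in TRUSTED_DPF_HOSTS:
                reasons.append(("medium", "ActiveX control from host outside the allowlist: " + host))
            if parsed.path.lower().endswith(".exe"):
                reasons.append(("high", "DPF entry points at an .exe rather than a .cab"))
            if d.group("name") is None:
                reasons.append(("low", "control has no registered class name"))

    # O18: a MIME filter on text/html sees every page the browser renders.
    if section == "O18" and body.startswith("Filter hijack"):
        reasons.append(("high", "MIME filter registered for text/html"))

    # Orphaned entries: the registry still points at something that is gone.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append(("low", "orphaned entry; referenced file no longer exists"))

    if not reasons:
        return None
    severity = max((s for s, _ in reasons), key=SEVERITY_RANK.__getitem__)
    return severity, [why for _, why in reasons]


def triage(log_text):
    """Run assess_line over a whole log and collect the flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        result = assess_line(raw)
        if result:
            severity, reasons = result
            findings.append({"severity": severity, "reasons": reasons, "line": raw.strip()})
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%s] %s" % (f["severity"].upper(), f["line"]))
        for why in f["reasons"]:
            print("        - " + why)
    print(summarize(results))
```

On the sample above the script leaves the Google start page, the Acrobat BHO and the MSN games control alone and raises the same three high-severity items the thread ends up fixing: the missing newdotnet LSP provider, the game.exe control served from a bare IP, and the text/html filter hijack.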

16 May at 15:40

AH thanks, I'll do all that and let you know! phew, some help at last

Added on 16-05-2008 at 15:54:

combofix.txt:



ComboFix 08-05-15.2 - Compaq_Propriétaire 2008-05-16 15:43:17.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1563 [GMT 2:00]

Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe

16 May at 15:58

the report is incomplete
so as not to miss anything => in the Notepad window where it is open +> Edit => Select all
then Edit ==> Copy

and in your reply here => right-click and => Paste

16 May at 16:56

well, I did exactly that and there's nothing else! I'll run another scan to see



Otherwise I have the Anti-Malware report:



Malwarebytes' Anti-Malware 1.12

Version de la base de données: 755



Type de recherche: Examen complet (C:\|I:\|)

Eléments examinés: 145011

Temps écoulé: 44 minute(s), 52 second(s)



Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 72



Processus mémoire infecté(s):

(Aucun élément nuisible détecté)



Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)



Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bug doctor_is1 (Rogue.BugDoctor) -> Quarantined and deleted successfully.



Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)



Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)



Dossier(s) infecté(s):

C:\Program Files\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin (Rogue.BugDoctor) -> Quarantined and deleted successfully.



Fichier(s) infecté(s):

C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes fichiers reçus\BugdoctorSetup.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\BugDoctor.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\BugDoctorLiveUpdate.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\Bug Doctor Help.chm (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnFridayJune152007150126.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnMondayAugust132007113750.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnMondaySeptember032007081517.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnMondaySeptember172007093936.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnMondaySeptember242007101431.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnSaturdayAugust182007112530.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnSaturdaySeptember012007085327.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnSundayAugust192007132902.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnThursdayFebruary282008164431.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnThursdayJuly052007041442.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnThursdaySeptember062007084010.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnTuesdayJune122007165027.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnTuesdayOctober022007162553.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnWednesdayApril302008103133.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnWednesdayJuly112007015801.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnWednesdayOctober032007103422.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\FixedOnWednesdayOctober032007103524.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\Get Bonuses.url (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin.ini (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\unins000.dat (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\unins000.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\bug.swf (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fixing_error-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fixing_error-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fixing_error-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fixing_error-rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fix_complete-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fix_complete-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fix_complete-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\fix_complete-roll_over.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\LiveUpdate_disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\LiveUpdate_normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\LiveUpdate_pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\LiveUpdate_rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\main_disable.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\main_enable.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\main_pressed.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\main_roll_over.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\mask.bmp (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\mask1.bmp (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scan.swf (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scancomplete.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scanning_error-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scanning_error-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scanning_error-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scanning_error-rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scan_complete-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scan_complete-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scan_complete-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\scan_complete-roll_over.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\schedule_disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\schedule_normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\schedule_pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\schedule_rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\skin.ini (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\SubMainDisable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\SubMainNormal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\SubMainPressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\SubMainRollOver.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\support_disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\support_normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\support_pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\support_rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\unlock_key-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\unlock_key-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\unlock_key-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Program Files\Bug Doctor\skin\unlock_key-roll_over.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Propriétaire\Bureau\BugDoctor.lnk (Rogue.BugDoctor) -> Quarantined and deleted successfully.



Added on 16-05-2008 at 17:00:

HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:57, on 2008-05-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VM305_STI.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Inventel\Gateway\WLANCFG.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-4b9eaffecce77db1.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/frw/games3.cab?fgiocv=1

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Protocol: vskype - (no CLSID) - (no file)

O18 - Filter hijack: text/html - {64BEFB91-ED4D-47E8-AC20-6403CC53E864} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

16 May at 17:05

---------------
run HijackThis again
"Do A System Scan Only"

tick these lines and then click FIX CHECKED

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-4b9eaffecce77db1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/frw/games3.cab?fgiocv=1
O18 - Filter hijack: text/html - {64BEFB91-ED4D-47E8-AC20-6403CC53E864} - (no file)
============
for the combofix report, it is in C:\
it's combofix.txt

16 May at 17:22

I ran combofix again and the only txt file I found was this one in C:/combofix/combofix.txt



ComboFix 08-05-15.3 - Compaq_Propriétaire 2008-05-16 17:14:47.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1505 [GMT 2:00]

Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

Added on 16-05-2008 at 17:26:

And there, I fixed the lines in HijackThis as you said

16 May at 17:28

for combofix, we have one more line

but it's still largely incomplete

run a new combofix scan so we get a complete report

16 May at 17:32

I have a question about combofix: do I need to cut my connection? my avast? before running it



maybe I'm doing it all wrong

Added on 16-05-2008 at 17:57:

lol here's the report:



ComboFix 08-05-15.3 - Compaq_Propriétaire 2008-05-16 17:40:25.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1562 [GMT 2:00]

Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe

.



(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\rccigc.dat

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\rccigc.exe

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\rccigc_nav.dat

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\rccigc_navps.dat

C:\WINDOWS\system32\cefbdefd3_g.dll

.

---- Previous Run -------

.

C:\Program Files\newdotnet

C:\Program Files\newdotnet\readme.html

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\nvs2.inf

D:\Autorun.inf

I:\Autorun.inf



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_6TO4

-------\Service_6to4





((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))

.



2008-05-16 15:58 . 2008-05-16 15:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-16 15:58 . 2008-05-16 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-16 15:58 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-16 15:58 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-16 12:52 . 2008-05-16 12:52 <REP> d-------- C:\Program Files\Trend Micro

2008-05-16 11:45 . 2008-05-16 12:26 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-16 11:45 . 2008-05-16 12:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-16 09:51 . 2008-05-16 09:51 <REP> d-------- C:\_OTMoveIt

2008-05-16 00:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-05-16 00:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-16 00:00 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-05-16 00:00 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-16 00:00 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-05-16 00:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-05-16 00:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-16 00:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-16 00:00 . 2008-05-16 10:57 2,368 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-15 23:31 . 2008-05-15 23:31 <REP> d-------- C:\Program Files\Lavasoft

2008-05-15 23:31 . 2008-05-16 09:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Rogue

2008-05-15 19:08 . 2008-05-16 09:19 <REP> d-------- C:\Program Files\RogueRemover FREE

2008-05-15 17:01 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-11 00:36 . 2008-05-15 19:04 <REP> d-------- C:\Program Files\Panda Security

2008-05-10 17:52 . 2008-05-10 17:52 <REP> d-------- C:\Program Files\CCleaner

2008-05-09 19:13 . 2008-05-09 19:13 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-09 19:13 . 2008-05-09 19:13 <REP> d-------- C:\WINDOWS\system32\bits

2008-05-09 19:13 . 2008-05-09 19:13 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-09 19:11 . 2008-05-09 19:13 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-05-09 19:03 . 2008-05-09 19:03 <REP> d-------- C:\WINDOWS\EHome

2008-04-23 20:43 . 2008-04-23 20:43 4,096 --a------ C:\WINDOWS\system32\crash



.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-15 15:01 --------- d-----w C:\Program Files\Java

2008-05-15 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-14 06:57 --------- d-----w C:\Program Files\World of Warcraft

2008-05-07 15:26 --------- d-----w C:\Program Files\eMule

2008-04-23 18:53 --------- d-----w C:\Program Files\QuickTime

2008-04-23 18:53 --------- d-----w C:\Program Files\Pochette Express 2

2008-04-23 18:53 --------- d-----w C:\Program Files\PhotoMix

2008-04-23 18:53 --------- d-----w C:\Program Files\PheniXScripT V3.2

2008-04-23 18:53 --------- d-----w C:\Program Files\PeerTV

2008-04-23 18:53 --------- d-----w C:\Program Files\Microsoft Works

2008-04-23 18:53 --------- d-----w C:\Program Files\ma-config.com

2008-04-23 18:53 --------- d-----w C:\Program Files\Kyodai Mahjongg

2008-04-23 18:53 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-04-23 18:53 --------- d-----w C:\Program Files\DivX

2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 02:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 02:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 02:34 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 02:34 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys

.



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe" [2004-01-02 02:12 159744]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]

"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 16:15 61440]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 14:19 7626752]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 14:19 86016]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.enc"= ITIG726.acm

"msacm.l3codec"= l3codecp.acm



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fork admin]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_TBPS]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"nwiz"=nwiz.exe /install

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\OsmOse Script\\OsmOse Script.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\NetMeeting\\conf.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\PheniXScripT V3.2\\mirc.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Winamp\\winamp.exe"=

"C:\\Program Files\\Advancia Scrip V3.0\\AdVaNCiA ScripT 3.0.exe"=

"C:\\Program Files\\PeerTV\\PeerCast.exe"=

"C:\\Program Files\\PeerTV\\VLC\\vlc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\winegg2.0\\eggdrop.exe"=

"C:\\Program Files\\KSS\\PeerTV\\PeerCast.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.2.0-frFR-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-frFR-downloader.exe"=

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"C:\\val\\cinema\\arnaud-script\\ArNaUd-ScRiPt.exe"=

"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=

"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21:TCP"= 21:TCP:*:Disabled:FTP1

"21:UDP"= 21:UDP:*:Disabled:FTP2

"59:TCP"= 59:TCP:*:Disabled:dcc tcp

"59:UDP"= 59:UDP:*:Disabled: dcc udp

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)



R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 22:55]

R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

R3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-04-05 15:14]

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-01-05 17:06]

S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-04-27 08:26]

S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [2003-04-24 11:03]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp



.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-16 15:15:33 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

.

**************************************************************************



catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 17:45:25

Windows 5.1.2600 Service Pack 3 NTFS



Balayage processus cachés ...



Balayage caché autostart entries ...



Balayage des fichiers cachés ...



Scan terminé avec succès

Les fichiers cachés: 0



**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Inventel\Gateway\WLANCFG.EXE

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-16 17:52:06 - machine was rebooted [Compaq_Propriétaire]

ComboFix-quarantined-files.txt 2008-05-16 15:51:59



Pre-Run: 38,311,403,520 octets libres

Post-Run: 38,233,067,520 octets libres



295 --- E O F --- 2008-04-11 11:44:29



Added on 16-05-2008 at 17:59:

I no longer have Avast at startup :/ is that normal?

Added on 16-05-2008 at 18:08:

you might want some aspirin

I don't understand this report at all (except that I recognise some of my programs)

17 May at 09:55 #

reinstall Avast if needed

say whether you still have problems

and then redo a HijackThis scan so we can see whether Avast is running properly