Problem with unwanted pop-up windows and files in system32

24 May 2008 18:06:21

Hello,

I'm having problems with unwanted pop-up windows and with files present in system32.

I also had trojans, which I deleted.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:34, on 24/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS.0\System32\igfxtray.exe
C:\WINDOWS.0\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\WINDOWS.0\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM2f03fade] Rundll32.exe "C:\WINDOWS.0\System32\prxvvihi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS.0\SYSTEM32\slserv.exe

--
End of file - 5242 bytes

24 May 2008 21:14:10

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    13 June 2008 07:18:50

    Sorry for only replying now, but I had a problem with my computer.

    The mouse would freeze after a while once Windows had loaded,
    and all the favorites had disappeared.

    ComboFix 08-06-10.5 - ludovic 2008-06-12 20:23:56.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.393 [GMT 2:00]
    Endroit: C:\Documents and Settings\ludovic\Bureau\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\drivers\kbd.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-12 19:38 . 2008-06-12 19:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-12 19:31 . 2008-06-12 19:31 268 --ah----- C:\sqmdata18.sqm
    2008-06-12 19:31 . 2008-06-12 19:31 244 --ah----- C:\sqmnoopt18.sqm
    2008-06-12 06:06 . 2008-06-12 06:06 244 --ah----- C:\sqmnoopt17.sqm
    2008-06-12 06:06 . 2008-06-12 06:06 232 --ah----- C:\sqmdata17.sqm
    2008-06-11 21:13 . 2008-06-11 21:13 244 --ah----- C:\sqmnoopt16.sqm
    2008-06-11 21:13 . 2008-06-11 21:13 232 --ah----- C:\sqmdata16.sqm
    2008-06-11 21:10 . 2008-06-11 21:10 268 --ah----- C:\sqmdata15.sqm
    2008-06-11 21:10 . 2008-06-11 21:10 244 --ah----- C:\sqmnoopt15.sqm
    2008-06-11 20:31 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 20:31 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 20:22 . 2008-06-11 20:22 268 --ah----- C:\sqmdata14.sqm
    2008-06-11 20:22 . 2008-06-11 20:22 244 --ah----- C:\sqmnoopt14.sqm
    2008-06-11 07:16 . 2008-06-11 07:16 268 --ah----- C:\sqmdata13.sqm
    2008-06-11 07:16 . 2008-06-11 07:16 244 --ah----- C:\sqmnoopt13.sqm
    2008-06-11 06:42 . 2008-06-11 06:42 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\Atari
    2008-06-11 06:39 . 2008-06-11 06:39 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
    2008-06-11 06:39 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
    2008-06-11 06:31 . 2008-06-11 06:31 <REP> d-------- C:\Program Files\Atari
    2008-06-09 21:55 . 2008-06-09 21:55 <REP> d-------- C:\Program Files\Bonjour
    2008-06-09 21:34 . 2008-06-09 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-06-09 20:20 . 2008-06-09 20:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-09 20:19 . 2008-06-09 20:19 244 --ah----- C:\sqmnoopt12.sqm
    2008-06-09 20:19 . 2008-06-09 20:19 232 --ah----- C:\sqmdata12.sqm
    2008-06-08 21:48 . 2008-06-09 22:10 1,152 --a------ C:\WINDOWS\Profil.Brain
    2008-06-08 20:55 . 2008-06-08 20:55 244 --ah----- C:\sqmnoopt11.sqm
    2008-06-08 20:55 . 2008-06-08 20:55 232 --ah----- C:\sqmdata11.sqm
    2008-06-08 07:30 . 2008-06-08 07:30 268 --ah----- C:\sqmdata10.sqm
    2008-06-08 07:30 . 2008-06-08 07:30 244 --ah----- C:\sqmnoopt10.sqm
    2008-06-08 01:55 . 2008-06-08 01:55 268 --ah----- C:\sqmdata09.sqm
    2008-06-08 01:55 . 2008-06-08 01:55 244 --ah----- C:\sqmnoopt09.sqm
    2008-06-07 13:15 . 2008-06-07 13:15 268 --ah----- C:\sqmdata08.sqm
    2008-06-07 13:15 . 2008-06-07 13:15 244 --ah----- C:\sqmnoopt08.sqm
    2008-06-06 22:33 . 2008-06-09 21:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-06 06:05 . 2008-06-06 06:05 268 --ah----- C:\sqmdata07.sqm
    2008-06-06 06:05 . 2008-06-06 06:05 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-05 23:35 . 2008-06-05 23:35 268 --ah----- C:\sqmdata06.sqm
    2008-06-05 23:35 . 2008-06-05 23:35 244 --ah----- C:\sqmnoopt06.sqm
    2008-06-04 18:47 . 2008-06-04 18:47 244 --ah----- C:\sqmnoopt05.sqm
    2008-06-04 18:47 . 2008-06-04 18:47 232 --ah----- C:\sqmdata05.sqm
    2008-06-03 07:13 . 2008-06-03 07:13 268 --ah----- C:\sqmdata04.sqm
    2008-06-03 07:13 . 2008-06-03 07:13 244 --ah----- C:\sqmnoopt04.sqm
    2008-06-02 20:57 . 2008-06-02 20:57 268 --ah----- C:\sqmdata03.sqm
    2008-06-02 20:57 . 2008-06-02 20:57 244 --ah----- C:\sqmnoopt03.sqm
    2008-06-02 20:53 . 2008-06-04 18:56 <REP> d-------- C:\Program Files\ATITool
    2008-06-02 01:26 . 2008-05-16 11:39 414,185,080 --a------ C:\S2E10KYLE_XY__310520080935__K7.wmv
    2008-06-02 01:25 . 2008-05-16 10:59 400,153,084 --a------ C:\S2E9KYLE_XY__310520080850__K7.wmv
    2008-05-30 22:50 . 2008-06-04 06:57 <REP> d-------- C:\vcs5BGEffects
    2008-05-30 22:49 . 2008-06-12 19:36 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
    2008-05-30 07:19 . 2008-05-30 07:19 268 --ah----- C:\sqmdata02.sqm
    2008-05-30 07:19 . 2008-05-30 07:19 244 --ah----- C:\sqmnoopt02.sqm
    2008-05-29 20:30 . 2008-05-29 20:30 <REP> d-------- C:\Program Files\IcoFX 1.6
    2008-05-29 20:30 . 2008-05-29 20:36 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\IcoFX
    2008-05-29 07:31 . 2008-05-29 07:31 268 --ah----- C:\sqmdata01.sqm
    2008-05-29 07:31 . 2008-05-29 07:31 244 --ah----- C:\sqmnoopt01.sqm
    2008-05-28 06:14 . 2008-06-12 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-05-27 19:34 . 2008-06-09 22:11 <REP> d-------- C:\Program Files\Micro Application
    2008-05-27 07:23 . 2008-05-27 07:23 268 --ah----- C:\sqmdata00.sqm
    2008-05-27 07:23 . 2008-05-27 07:23 244 --ah----- C:\sqmnoopt00.sqm
    2008-05-27 00:38 . 2008-05-13 11:07 415,321,084 --a------ C:\S2E8KYLE_XY__240520080940__K7.wmv
    2008-05-25 23:41 . 2008-05-13 11:02 415,865,092 --a------ C:\S2E7KYLE_XY__240520080850__K7.wmv
    2008-05-25 19:48 . 2008-05-25 20:26 134,803,182 --a------ C:\jt13d23052008.asf
    2008-05-25 19:01 . 2008-05-25 19:48 134,895,982 --a------ C:\jt13d22052008.asf
    2008-05-25 18:38 . 2008-05-25 19:37 144,610,982 --a------ C:\jt13d21052008.asf
    2008-05-25 18:34 . 2008-05-25 19:29 133,283,582 --a------ C:\jt13d20052008.asf
    2008-05-25 18:13 . 2008-05-25 19:01 138,068,582 --a------ C:\jt13d19052008.asf
    2008-05-25 17:52 . 2008-05-25 17:52 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-23 02:02 . 2008-05-23 02:07 <REP> d-------- C:\Documents and Settings\ludovic\dwhelper
    2008-05-23 00:50 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-23 00:42 . 2008-05-23 00:42 <REP> d-------- C:\ATI
    2008-05-23 00:34 . 2008-06-07 20:09 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-22 00:13 . 2008-05-22 00:13 <REP> d-------- C:\Program Files\Veoh Networks
    2008-05-17 18:12 . 2008-05-19 18:52 <REP> d-------- C:\Program Files\Warzone 2100
    2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Program Files\OpenAL
    2008-05-17 18:12 . 2008-05-17 18:12 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-05-17 18:12 . 2008-05-17 18:12 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-05-17 18:00 . 2008-06-03 22:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-17 18:00 . 2008-05-17 18:00 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-17 18:00 . 2008-05-22 23:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-17 14:08 . 2008-05-17 14:08 0 --a------ C:\WINDOWS\SAFEEDIT.INI
    2008-05-17 14:06 . 2008-05-17 14:06 0 --a------ C:\WINDOWS\UBEEDIT.INI
    2008-05-17 14:06 . 2008-05-17 14:06 0 --a------ C:\WINDOWS\AIPEDIT.INI
    2008-05-17 11:08 . 2008-05-17 11:08 <REP> d-------- C:\Program Files\Activision
    2008-05-16 06:05 . 2008-05-16 06:05 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-05-15 22:49 . 2008-05-15 22:49 <REP> d-------- C:\Program Files\Download Manager
    2008-05-15 22:45 . 2008-05-16 03:10 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\IGN_DLM
    2008-05-15 06:36 . 2008-05-15 06:36 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\DonationCoder
    2008-05-15 06:25 . 2008-05-15 06:36 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
    2008-05-15 06:23 . 2008-05-15 06:35 <REP> d-------- C:\Program Files\WinPcap
    2008-05-15 06:23 . 2008-05-15 06:37 <REP> d-------- C:\Program Files\URLSnooper2
    2008-05-15 06:23 . 2008-05-15 06:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DonationCoder
    2008-05-14 20:03 . 2008-05-14 20:03 <REP> d--h----- C:\WINDOWS\PIF
    2008-05-13 23:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-13 23:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-13 22:49 . 2008-05-13 22:49 <REP> d-------- C:\Program Files\Notebook Hardware Control
    2008-05-13 21:40 . 2008-06-12 19:36 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-05-13 19:34 . 2008-05-13 19:36 <REP> d-------- C:\Documents and Settings\ludovic\Contacts
    2008-05-13 19:30 . 2008-05-13 19:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-13 19:18 . 2008-05-13 19:30 <REP> d-------- C:\Program Files\Windows Live
    2008-05-13 19:18 . 2008-05-13 19:21 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-05-13 19:18 . 2008-05-13 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-13 07:20 . 2008-06-02 19:33 <REP> d-------- C:\Program Files\DOSBox-0.72
    2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 17:45 . 2008-05-12 17:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 17:45 . 2008-05-12 17:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 17:43 . 2008-05-12 17:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 17:34 . 2008-05-12 17:34 6,221,824 --a------ C:\WINDOWS\system32\Atioglgl.dll
    2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 17:22 . 2008-05-12 17:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 17:09 . 2008-05-12 17:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 17:02 . 2008-05-12 17:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll
    2008-05-12 08:55 . 2008-05-12 08:55 <REP> d-------- C:\Program Files\PixiePack Codec Pack
    2008-05-12 08:53 . 2008-06-12 20:12 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\Tunebite
    2008-05-12 08:53 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
    2008-05-12 08:52 . 2008-05-12 08:52 <REP> d-------- C:\Program Files\RapidSolution
    2008-05-12 08:52 . 2008-05-12 08:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 17:37 --------- d-----w C:\Program Files\SpiralFrog
    2008-06-12 17:32 598,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-12 17:32 51,900,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-12 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-12 01:10 --------- d-----w C:\Documents and Settings\ludovic\Application Data\uTorrent
    2008-06-11 04:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-11 04:18 3,358,208 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-06-11 04:18 1,715,712 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-06-08 19:42 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-06 19:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-05 21:00 1,685,504 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-06-02 18:57 4,066,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-05-25 15:55 --------- d-----w C:\Documents and Settings\ludovic\Application Data\ATI
    2008-05-21 22:39 120,935 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_21_20_58_21_small.dmp.zip
    2008-05-17 09:18 2,747,392 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-05-12 11:54 2,530,816 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-05-12 11:54 1,464,832 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-05-11 18:10 --------- d-----w C:\Program Files\DVD Shrink
    2008-05-11 10:25 --------- d-----w C:\Documents and Settings\ludovic\Application Data\CyberLink
    2008-05-11 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-11 10:15 --------- d-----w C:\Program Files\CyberLink
    2008-05-10 20:06 --------- d-----w C:\Documents and Settings\ludovic\Application Data\dvdcss
    2008-05-10 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spiralfrog
    2008-05-10 06:04 --------- d-----w C:\Program Files\Microsoft Virtual PC
    2008-05-10 00:23 --------- d-----w C:\Program Files\DAEMON Tools
    2008-05-10 00:13 --------- d-----w C:\Documents and Settings\ludovic\Application Data\AVGTOOLBAR
    2008-05-09 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-09 21:31 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2008-05-09 21:31 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2008-05-09 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-05-09 21:30 --------- d-----w C:\Program Files\Zone Labs
    2008-05-09 21:08 --------- d-----w C:\Documents and Settings\ludovic\Application Data\DivX
    2008-05-09 14:30 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-05-09 14:30 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-05-09 14:30 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-05-09 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-05-09 12:43 --------- d-----w C:\Documents and Settings\ludovic\Application Data\Move Networks
    2008-05-09 10:56 --------- d-----w C:\Program Files\Hotspot Shield
    2008-05-09 10:55 --------- d-----w C:\Program Files\QuickTime
    2008-05-09 10:54 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-09 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-09 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-09 09:48 --------- d-----w C:\Program Files\DivX
    2008-05-08 17:04 --------- d-----w C:\Program Files\CCleaner
    2008-05-08 16:15 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-05-08 16:12 --------- d-----w C:\Program Files\MSXML 6.0
    2008-05-08 16:10 --------- d-----w C:\Program Files\MSBuild
    2008-05-08 16:07 --------- d-----w C:\Program Files\Reference Assemblies
    2008-05-08 15:19 --------- d-----w C:\Program Files\CONEXANT
    2008-05-08 15:17 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-08 12:11 --------- d-----w C:\Program Files\Conduit
    2008-05-08 11:02 --------- d-----w C:\Program Files\Windows Defender
    2008-05-08 10:33 --------- d-----w C:\Program Files\Xi
    2008-05-08 09:41 --------- d-----w C:\Documents and Settings\ludovic\Application Data\vlc
    2008-05-08 09:40 --------- d-----w C:\Program Files\VideoLAN
    2008-05-07 18:31 --------- d-----w C:\Documents and Settings\ludovic\Application Data\Talkback
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-06 22:52 --------- d-----w C:\Program Files\Replay Media Catcher
    2008-05-06 22:36 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4296.exe
    2008-05-06 22:36 --------- d-----w C:\Program Files\Alcohol Toolbar
    2008-05-06 22:36 --------- d-----w C:\Program Files\Alcohol Soft
    2008-05-06 21:34 --------- d-----w C:\Documents and Settings\ludovic\Application Data\ClonySoft
    2008-05-06 21:29 --------- d-----w C:\Program Files\uTorrent
    2008-05-06 21:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-06 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-06 21:01 --------- d-----w C:\Program Files\Lavasoft
    2008-05-06 21:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-06 20:55 --------- d-----w C:\Program Files\AVG
    2008-05-06 04:41 --------- d-----w C:\Documents and Settings\ludovic\Application Data\Thunderbird
    2008-05-06 02:34 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
    2008-05-06 02:33 --------- d-----w C:\Program Files\SAGEM
    2008-05-06 02:23 --------- d-----w C:\Program Files\Java
    2008-05-06 02:23 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-06 02:18 --------- d-----w C:\Program Files\MiTAC
    2008-05-06 02:17 --------- d-----w C:\Program Files\Realtek
    2008-05-06 02:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-06 02:13 --------- d-----w C:\Program Files\Intel
    2008-05-06 02:03 --------- d-----w C:\Program Files\Synaptics
    2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-06 14:06 167368]
    "Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [2007-12-12 13:19 4937008]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-16 18:02 3313664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43 688218]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15:52 15797248 C:\WINDOWS\RTHDCPL.exe]
    "WLAN"="C:\WINDOWS\system32\WLan.exe" [2005-11-25 08:52 221184]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-09 16:30 1177368]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
    "SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2008-03-12 13:05 163128]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
    "vcs6diamond"="C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs6Core.exe" [2007-06-28 18:34 304128]
    "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 19:40 2228224]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

    C:\Documents and Settings\ludovic\Menu Démarrer\Programmes\Démarrage\
    Kitbar4$.lnk - C:\Documents and Settings\ludovic\Bureau\kitbar\Kitbar4$.exe [2008-06-04 07:11:52 1163264]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-06 04:33:56 839680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\APPS\\Powercinema\\PowerCinema.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
    R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-09 16:30]
    R1 kioport;kioport Library Driver;C:\WINDOWS\system32\drivers\kioport.sys [2005-04-29 14:02]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-09 16:30]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-09 16:30]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-09 16:30]
    R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-09-30 11:37]
    R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
    R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 21:40]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - FLEXNET_LICENSING_SERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-04 17:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-12 17:36:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-05-13 21:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-05-20 21:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-12 20:27:49
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-12 20:30:06
    ComboFix-quarantined-files.txt 2008-06-12 18:29:36

    Pre-Run: 26,607,218,688 octets libres
    Post-Run: 26,654,560,256 octets libres

    334 --- E O F --- 2008-06-12 01:05:54

    2 July 2008 06:49:51

    Hello,

    I still have the same problem, and now my computer is slow and my hard drive is heating up (it reaches 41-42°C); also, Firefox shows "server not found" at startup even though my connection works.

