Your question

How do I get rid of the gzmrt.dll virus (Windows Vista)

13 February 2008 17:11:38

I know nothing about this, and my computer has slowed down a lot.

Thanks


(RESOLVED)


13 February 2008 17:30:24

BE PATIENT AND DON'T RAISE AN ALERT TO GET HELP!
AND SAY HELLO!
/that's taken care of

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
13 February 2008 18:41:46


Hello, I apologize, I didn't mean to be abrupt at all. As for the alert, it was surely a mistake on my part; I just want someone to be kind enough to agree to help me.

I have attached my report. Thanks



Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 12:36:10, on 2008-02-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\brigitte\AppData\Local\Temp\wz67f5\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7959 bytes
13 February 2008 19:18:35

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    14 February 2008 15:01:46

    Thanks, here is the report,


    ComboFix 08-02-14.2 - brigitte 2008-02-14
    8:53:57.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1153 [GMT -4:00]
    Endroit: C:\Users\brigitte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETH21COG\ComboFix[1].exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\jusched.exe
    C:\Windows\system32\x64

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-13 22:36 --------- d-----w C:\ProgramData\Apple Computer
    2008-02-13 13:46 --------- d-----w C:\Program Files\Trend Micro
    2008-02-12 23:20 --------- d-----w C:\ProgramData\Symantec
    2008-02-12 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-12 22:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-12 22:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-12 22:53 943,800 ----a-w C:\Windows\System32\winload.exe
    2008-02-12 22:53 905,400 ----a-w C:\Windows\System32\winresume.exe
    2008-02-12 22:53 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-12 22:53 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
    2008-02-12 22:53 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-12 22:53 6,656 ----a-w C:\Windows\System32\kbd106.dll
    2008-02-12 22:53 595,456 ----a-w C:\Windows\System32\schedsvc.dll
    2008-02-12 22:53 558,080 ----a-w C:\Windows\System32\oleaut32.dll
    2008-02-12 22:53 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-12 22:53 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-12 22:53 39,424 ----a-w C:\Windows\System32\lodctr.exe
    2008-02-12 22:53 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-12 22:53 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-12 22:53 35,328 ----a-w C:\Windows\System32\dispci.dll
    2008-02-12 22:53 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-12 22:53 32,256 ----a-w C:\Windows\System32\unlodctr.exe
    2008-02-12 22:53 260,096 ----a-w C:\Windows\System32\dpx.dll
    2008-02-12 22:53 23,552 ----a-w C:\Windows\System32\nshhttp.dll
    2008-02-12 22:53 224,824 ----a-w C:\Windows\System32\clfs.sys
    2008-02-12 22:53 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
    2008-02-12 22:53 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-12 22:53 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
    2008-02-12 22:53 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
    2008-02-12 22:53 12,800 ----a-w C:\Windows\System32\batt.dll
    2008-02-12 22:53 115,200 ----a-w C:\Windows\System32\loadperf.dll
    2008-02-12 22:53 101,888 ----a-w C:\Windows\System32\drvinst.exe
    2008-02-12 22:53 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
    2008-02-12 22:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-12 22:51 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-12 22:51 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-12 22:51 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-12 22:51 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-12 22:51 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-12 22:51 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-12 22:51 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-12 22:51 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-12 22:51 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-12 22:51 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-12 22:51 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-12 22:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-12 22:51 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-02-12 22:51 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-12 22:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-12 22:51 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-12 22:51 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-12 22:49 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-12 22:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-12 22:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-12 22:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 22:49 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-02-12 22:39 --------- d-----w C:\Program Files\Alwil Software
    2008-02-11 19:27 --------- d-----w C:\Users\brigitte\AppData\Roaming\LimeWire
    2008-02-11 18:37 80,090 ----a-w C:\Windows\System32\adssite-remove.exe
    2008-02-11 18:37 40,724 ----a-w C:\Windows\System32\rightonadz-uninst.exe
    2008-02-11 18:20 --------- d-----w C:\Users\brigitte\AppData\Roaming\WinBatch
    2008-02-10 02:51 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-10 02:49 --------- d-----w C:\Program Files\MSBuild
    2008-02-10 02:49 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-10 02:35 --------- d-----w C:\Program Files\LimeWire
    2008-02-09 02:18 102 ----a-w C:\Users\brigitte\AppData\Roaming\wklnhst.dat
    2008-02-08 00:47 --------- d-----w C:\Users\brigitte\AppData\Roaming\Template
    2008-02-07 21:21 --------- d-----w C:\Program Files\QuickTime
    2008-02-07 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-04 18:27 --------- d-----w C:\Program Files\Java
    2008-02-03 18:10 --------- d---a-w C:\Program Files\Common Files\LightScribe
    2008-02-03 18:03 --------- d-----w C:\ProgramData\LightScribe
    2008-02-02 22:41 --------- d-----w C:\ProgramData\DVD Shrink
    2008-02-02 20:29 --------- d-----w C:\Users\brigitte\AppData\Roaming\Roxio
    2008-02-02 20:16 --------- d-----w C:\ProgramData\Roxio
    2008-02-02 05:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
    2008-01-31 20:06 --------- d-----w C:\Users\brigitte\AppData\Roaming\Apple Computer
    2008-01-31 20:05 --------- d-----w C:\Program Files\Common Files\Apple
    2008-01-24 03:22 --------- d-----w C:\Program Files\OLYMPUS
    2008-01-24 03:17 --------- d-----w C:\ProgramData\WinZip
    2008-01-23 02:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-22 19:14 --------- d-----w C:\Program Files\Bonjour
    2008-01-22 19:13 --------- d-----w C:\ProgramData\Apple
    2008-01-22 19:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-18 00:11 --------- d-----w C:\Users\brigitte\AppData\Roaming\Hewlett-Packard
    2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 03:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-10 03:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-10 03:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-10 01:37 --------- d-----w C:\ProgramData\Xerox
    2008-01-10 01:00 --------- d-----w C:\ProgramData\OLYMPUS
    2008-01-10 00:57 --------- d-----w C:\ProgramData\QuickTime
    2008-01-10 00:55 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-04 09:48 --------- d---a-w C:\ProgramData\TEMP
    2008-01-02 21:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
    2008-01-02 21:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
    2008-01-02 21:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
    2008-01-02 21:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
    2008-01-02 21:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:12 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 18:54 95536]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-14 16:59 1006264]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
    "CCUTRAYICON"="FactoryMode" []
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 08:13 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 18:11 49152]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 18:54 54576]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 15:10:02 394856]
    Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-26 01:32:08 421888]

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 10:52]
    R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 05:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
    R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 08:43]
    S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 04:13]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-18 00:56:05 C:\Windows\Tasks\HPCeeScheduleForbrigitte.job"
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForbrigitte (null)
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-14 08:55:11
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-14 8:55:40
    ComboFix-quarantined-files.txt 2008-02-14 12:55:38
    .
    2008-02-12 22:42:04 --- E O F ---
    14 February 2008 15:03:52

    Post a HijackThis report again.
    15 February 2008 14:44:36

    Here is the new report, thanks again.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:43:22, on 2008-02-15
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\KbdStub.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Windows\System32\jureg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Users\brigitte\AppData\Local\Temp\wze9b2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7636 bytes
    15 February 2008 21:23:23


    Here is the result, thanks



    AntiVir PersonalEdition Classic
    Report file date: 15 février 2008 15:01

    Scanning for 1110678 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Username: SYSTEM
    Computer name: PC-DE-BRIGITTE

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 18:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 17:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 20:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 17:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 19:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:58:01
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 18:58:01
    ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 2008-02-15 18:58:01
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-15 18:58:04
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 15:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 12:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 18:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-15 18:58:04
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 12:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 17:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 12:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 16:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 17:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 17:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 14:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 15 février 2008 15:01

    The scan of running processes will be started
    Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'FlashUtil9e.exe' - '1' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'ieuser.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'schtasks.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'jureg.exe' - '1' Module(s) have been scanned
    Scan process 'HPHC_Scheduler.exe' - '1' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
    Scan process 'OSD.exe' - '1' Module(s) have been scanned
    Scan process 'KbdStub.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'XAudio.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    67 processes with 67 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '17' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <FACTORY_IMAGE>


    End of the scan: 15 février 2008 15:21
    Used time: 19:53 min

    The scan has been done completely.

    15443 Scanning directories
    257666 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    257666 Files not concerned
    1590 Archives were scanned
    2 Warnings
    10 Notes

    16 February 2008 12:14:28

    Post a new HijackThis report.
    16 February 2008 21:59:32


    Here is the report,



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58:31, on 2008-02-16
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Windows\System32\jureg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Users\brigitte\AppData\Local\Temp\wz1a05\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\Windows\system32\gzmrt.dll
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nsiEEE9.dll
    O2 - BHO: BrowsingSoftware - {B886C1F4-D1D3-45F5-F45E-75EB024320AC} - C:\Program Files\BrowsingSoftware\BrowsingSoftware-2.dll
    O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\Windows\system32\mysidesearch_sidebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [postSetupCheck] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8016 bytes
    17 February 2008 13:16:02

    Run another ComboFix scan.
    17 February 2008 16:33:51

    Here is the new ComboFix report

    ComboFix 08-02-17.2 - brigitte 2008-02-17 10:27:22.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1186 [GMT -4:00]
    Endroit: C:\Users\brigitte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MT7AI1KS\ComboFix[1].exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\nsiEEE9.dll
    C:\Windows\system32\TEVPXCW60.DLL
    C:\Windows\TDEVXCW60.DLL

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 21:49 --------- d-----w C:\Program Files\BrowsingSoftware
    2008-02-16 02:51 80,090 ----a-w C:\Windows\System32\adssite-remove.exe
    2008-02-16 02:51 40,724 ----a-w C:\Windows\System32\rightonadz-uninst.exe
    2008-02-16 02:39 --------- d-----w C:\Users\brigitte\AppData\Roaming\LimeWire
    2008-02-16 02:26 --------- d-----w C:\Users\brigitte\AppData\Roaming\TurboDemo
    2008-02-16 02:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-15 18:47 --------- d-----w C:\ProgramData\Avira
    2008-02-15 18:47 --------- d-----w C:\Program Files\Avira
    2008-02-13 22:36 --------- d-----w C:\ProgramData\Apple Computer
    2008-02-13 13:46 --------- d-----w C:\Program Files\Trend Micro
    2008-02-12 23:20 --------- d-----w C:\ProgramData\Symantec
    2008-02-12 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-12 22:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-12 22:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-12 22:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-12 22:49 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-12 22:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-12 22:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-12 22:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 22:49 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-02-12 22:39 --------- d-----w C:\Program Files\Alwil Software
    2008-02-11 18:20 --------- d-----w C:\Users\brigitte\AppData\Roaming\WinBatch
    2008-02-10 02:51 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-10 02:49 --------- d-----w C:\Program Files\MSBuild
    2008-02-10 02:35 --------- d-----w C:\Program Files\LimeWire
    2008-02-09 02:18 102 ----a-w C:\Users\brigitte\AppData\Roaming\wklnhst.dat
    2008-02-08 00:47 --------- d-----w C:\Users\brigitte\AppData\Roaming\Template
    2008-02-07 21:21 --------- d-----w C:\Program Files\QuickTime
    2008-02-07 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-04 18:27 --------- d-----w C:\Program Files\Java
    2008-02-03 18:10 --------- d---a-w C:\Program Files\Common Files\LightScribe
    2008-02-03 18:03 --------- d-----w C:\ProgramData\LightScribe
    2008-02-02 22:41 --------- d-----w C:\ProgramData\DVD Shrink
    2008-02-02 20:29 --------- d-----w C:\Users\brigitte\AppData\Roaming\Roxio
    2008-02-02 20:16 --------- d-----w C:\ProgramData\Roxio
    2008-02-02 05:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
    2008-01-31 20:06 --------- d-----w C:\Users\brigitte\AppData\Roaming\Apple Computer
    2008-01-31 20:05 --------- d-----w C:\Program Files\Common Files\Apple
    2008-01-24 03:22 --------- d-----w C:\Program Files\OLYMPUS
    2008-01-24 03:17 --------- d-----w C:\ProgramData\WinZip
    2008-01-23 02:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-22 19:14 --------- d-----w C:\Program Files\Bonjour
    2008-01-22 19:13 --------- d-----w C:\ProgramData\Apple
    2008-01-22 19:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-18 00:11 --------- d-----w C:\Users\brigitte\AppData\Roaming\Hewlett-Packard
    2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 03:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-10 03:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-10 03:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-10 01:37 --------- d-----w C:\ProgramData\Xerox
    2008-01-10 01:00 --------- d-----w C:\ProgramData\OLYMPUS
    2008-01-10 00:57 --------- d-----w C:\ProgramData\QuickTime
    2008-01-10 00:55 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-04 09:48 --------- d---a-w C:\ProgramData\TEMP
    2008-01-02 21:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
    2008-01-02 21:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
    2008-01-02 21:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
    2008-01-02 21:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
    2008-01-02 21:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
    2008-01-02 21:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
    2008-01-02 21:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
    2008-01-02 21:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
    2008-01-02 20:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
    2008-01-02 20:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
    2008-01-02 20:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
    2008-01-02 20:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
    2008-01-02 20:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
    2008-01-02 20:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
    2008-01-02 20:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
    2008-01-02 20:37 184,320 ----a-w C:\Windows\System32\igfxres.dll
    2008-01-02 20:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
    2008-01-02 20:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
    2008-01-02 20:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
    2008-01-02 20:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
    2008-01-02 20:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
    2008-01-02 20:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
    2008-01-02 20:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
    2008-01-02 20:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
    2008-01-02 20:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
    2007-12-29 21:06 --------- d-----w C:\Program Files\TRENDnet
    2007-12-23 18:33 --------- d-----w C:\Users\brigitte\AppData\Roaming\muvee Technologies
    2007-12-21 14:39 10,752 ----a-w C:\Windows\System32\WhoisCL.exe
    2007-12-17 22:32 174 --sha-w C:\Program Files\desktop.ini
    2007-12-17 22:28 --------- d-----w C:\Program Files\Windows Calendar
    2007-12-17 22:22 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-12-17 22:22 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-12-17 22:22 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-12-17 22:22 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-12-17 22:22 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-12-17 22:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-12-17 22:22 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-12-17 22:22 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-12-17 22:22 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-12-17 22:22 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-12-17 22:22 2,028,544 ----a-w C:\Windows\System32\win32k.sys
    2007-12-17 22:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2007-12-17 22:19 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2007-12-17 22:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-17 22:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
    C:\Windows\system32\gzmrt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
    2007-12-30 16:48 1019904 --a------ C:\Program Files\BrowsingSoftware\BrowsingSoftware-3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:12 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 18:54 95536]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-14 16:59 1006264]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
    "CCUTRAYICON"="FactoryMode" []
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 08:13 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 18:11 49152]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 18:54 54576]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-15 14:58 249896]
    "postSetupCheck"="C:\Windows\system32\gzmrt.dll" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 15:10:02 394856]
    Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-26 01:32:08 421888]

    R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 05:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
    R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 08:43]
    S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 04:13]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-18 00:56:05 C:\Windows\Tasks\HPCeeScheduleForbrigitte.job"
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForbrigitte (null)
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 10:28:39
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-17 10:29:04
    ComboFix-quarantined-files.txt 2008-02-17 14:29:02
    ComboFix2.txt 2008-02-14 12:55:40
    .
    2008-02-14 17:56:28 --- E O F ---
    17 February 2008 16:44:47

    Hello again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\System32\adssite-remove.exe
    C:\Windows\System32\rightonadz-uninst.exe

    Folder::
    C:\Program Files\BrowsingSoftware

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "postSetupCheck"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
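Added example, not part of the original thread and not a HijackThis or ComboFix feature: the removal script above targets gzmrt.dll, which the HijackThis report shows registered twice, as a BHO (O2 line) and as a Run value launched through Rundll32 (O4 line). The Python below correlates those two line types over lines copied from that report; the function names and indicator labels are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis report posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\Windows\system32\gzmrt.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nsiEEE9.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
"""

# O2 = Browser Helper Object: display name, CLSID, DLL path.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 = autostart entry from a Run/RunOnce key: hive, key, value name, command.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# DLL handed to rundll32, quoted or not, with or without an export name after it.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)', re.IGNORECASE
)

SYSTEM32 = ntpath.normcase(r"C:\Windows\system32")


def triage(log_text):
    """Map each DLL (case-folded Windows path) to the indicators it triggers.

    The indicators are heuristics for prioritising review, not verdicts.
    """
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        bho = BHO_RE.match(line)
        if bho:
            dll = ntpath.normcase(bho["path"])
            reasons[dll].add("bho")
            # Heuristic: a BHO dropped straight into system32 rather than
            # into its vendor's Program Files directory deserves a look.
            if ntpath.dirname(dll) == SYSTEM32:
                reasons[dll].add("bho-in-system32")
            continue
        run = RUN_RE.match(line)
        if run:
            hit = RUNDLL_RE.search(run["cmd"])
            if hit:
                reasons[ntpath.normcase(hit["dll"])].add("autorun-via-rundll32")
    return dict(reasons)


def correlated(log_text):
    """DLLs registered both as a BHO and as a rundll32 autorun entry."""
    return sorted(
        dll
        for dll, why in triage(log_text).items()
        if {"bho", "autorun-via-rundll32"} <= why
    )


if __name__ == "__main__":
    for dll, why in sorted(triage(SAMPLE_LOG).items()):
        print(f"{dll}: {', '.join(sorted(why))}")
    print("correlated:", correlated(SAMPLE_LOG))
```

A single indicator is weak on its own: the stock Windows Welcome Center entry (oobefldr.dll) also runs through rundll32, so only the correlated result is worth acting on first.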
    18 February 2008 00:14:51

    Here is the report from comb
    ComboFix 08-02-18.1 - brigitte 2008-02-17 18:09:29.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1096 [GMT -4:00]
    Endroit: C:\Users\brigitte\Desktop\ComboFix.exe
    Command switches used :: C:\Users\brigitte\Desktop\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\System32\adssite-remove.exe
    C:\Windows\System32\rightonadz-uninst.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 02:39 --------- d-----w C:\Users\brigitte\AppData\Roaming\LimeWire
    2008-02-16 02:26 --------- d-----w C:\Users\brigitte\AppData\Roaming\TurboDemo
    2008-02-16 02:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-15 18:47 --------- d-----w C:\ProgramData\Avira
    2008-02-15 18:47 --------- d-----w C:\Program Files\Avira
    2008-02-13 22:36 --------- d-----w C:\ProgramData\Apple Computer
    2008-02-13 13:46 --------- d-----w C:\Program Files\Trend Micro
    2008-02-12 23:20 --------- d-----w C:\ProgramData\Symantec
    2008-02-12 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-12 22:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-12 22:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-12 22:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-12 22:49 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-12 22:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-12 22:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-12 22:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 22:49 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-02-12 22:39 --------- d-----w C:\Program Files\Alwil Software
    2008-02-11 18:20 --------- d-----w C:\Users\brigitte\AppData\Roaming\WinBatch
    2008-02-10 02:51 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-10 02:49 --------- d-----w C:\Program Files\MSBuild
    2008-02-10 02:35 --------- d-----w C:\Program Files\LimeWire
    2008-02-09 02:18 102 ----a-w C:\Users\brigitte\AppData\Roaming\wklnhst.dat
    2008-02-08 00:47 --------- d-----w C:\Users\brigitte\AppData\Roaming\Template
    2008-02-07 21:21 --------- d-----w C:\Program Files\QuickTime
    2008-02-07 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-04 18:27 --------- d-----w C:\Program Files\Java
    2008-02-03 18:10 --------- d---a-w C:\Program Files\Common Files\LightScribe
    2008-02-03 18:03 --------- d-----w C:\ProgramData\LightScribe
    2008-02-02 22:41 --------- d-----w C:\ProgramData\DVD Shrink
    2008-02-02 20:29 --------- d-----w C:\Users\brigitte\AppData\Roaming\Roxio
    2008-02-02 20:16 --------- d-----w C:\ProgramData\Roxio
    2008-02-02 05:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
    2008-01-31 20:06 --------- d-----w C:\Users\brigitte\AppData\Roaming\Apple Computer
    2008-01-31 20:05 --------- d-----w C:\Program Files\Common Files\Apple
    2008-01-24 03:22 --------- d-----w C:\Program Files\OLYMPUS
    2008-01-24 03:17 --------- d-----w C:\ProgramData\WinZip
    2008-01-23 02:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-22 19:14 --------- d-----w C:\Program Files\Bonjour
    2008-01-22 19:13 --------- d-----w C:\ProgramData\Apple
    2008-01-22 19:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-18 00:11 --------- d-----w C:\Users\brigitte\AppData\Roaming\Hewlett-Packard
    2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 03:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-10 03:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-10 03:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-10 01:37 --------- d-----w C:\ProgramData\Xerox
    2008-01-10 01:00 --------- d-----w C:\ProgramData\OLYMPUS
    2008-01-10 00:57 --------- d-----w C:\ProgramData\QuickTime
    2008-01-10 00:55 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-04 09:48 --------- d---a-w C:\ProgramData\TEMP
    2008-01-02 21:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
    2008-01-02 21:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
    2008-01-02 21:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
    2008-01-02 21:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
    2008-01-02 21:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
    2008-01-02 21:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
    2008-01-02 21:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
    2008-01-02 21:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
    2008-01-02 20:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
    2008-01-02 20:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
    2008-01-02 20:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
    2008-01-02 20:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
    2008-01-02 20:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
    2008-01-02 20:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
    2008-01-02 20:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
    2008-01-02 20:37 184,320 ----a-w C:\Windows\System32\igfxres.dll
    2008-01-02 20:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
    2008-01-02 20:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
    2008-01-02 20:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
    2008-01-02 20:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
    2008-01-02 20:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
    2008-01-02 20:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
    2008-01-02 20:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
    2008-01-02 20:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
    2008-01-02 20:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
    2007-12-29 21:06 --------- d-----w C:\Program Files\TRENDnet
    2007-12-23 18:33 --------- d-----w C:\Users\brigitte\AppData\Roaming\muvee Technologies
    2007-12-21 14:39 10,752 ----a-w C:\Windows\System32\WhoisCL.exe
    2007-12-17 22:32 174 --sha-w C:\Program Files\desktop.ini
    2007-12-17 22:22 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-12-17 22:22 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-12-17 22:22 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-12-17 22:22 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-12-17 22:22 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-12-17 22:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-12-17 22:22 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-12-17 22:22 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-12-17 22:22 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-12-17 22:22 2,028,544 ----a-w C:\Windows\System32\win32k.sys
    2007-12-17 22:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2007-12-17 22:20 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2007-12-17 22:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-12-17 22:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-12-17 22:20 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2007-12-17 22:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-12-17 22:20 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2007-12-17 22:20 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2007-12-17 22:20 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:12 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 18:54 95536]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-14 16:59 1006264]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
    "CCUTRAYICON"="FactoryMode" []
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 08:13 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 18:11 49152]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 18:54 54576]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-15 14:58 249896]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 15:10:02 394856]
    Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-26 01:32:08 421888]

    R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 05:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
    R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 08:43]
    S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 04:13]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-18 00:56:05 C:\Windows\Tasks\HPCeeScheduleForbrigitte.job"
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForbrigitte (null)
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 18:10:25
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-18 18:10:54
    .
    2008-02-14 17:56:28 --- E O F ---
    o fix


    The HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:14:03, on 2008-02-18
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\jureg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Users\brigitte\AppData\Local\Temp\wz8066\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7467 bytes

    a b 8 Security
    18 February 2008 12:27:04

    Is that better?
    19 February 2008 01:05:52

    Great, I think everything is fine :)

    The window for the infamous gzmrt.dll no longer appears.
    I am very grateful to you for the help you gave me.
    THANK YOU VERY MUCH.

    Could you explain to me where I picked this up? I don't want to make that mistake again.


    [PROBLEM SOLVED]
    a b 8 Security
    19 February 2008 13:01:42

    Everything is explained in the following link ;)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche and let the scan finish.
  • Click Suppression to finalize.
  • Click Quitter so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable then re-enable System Restore: see help

    Now add [Résolu] to the title. To do this:
    * In your first message, click the "Editer" button
    * Add the tag [Résolu] to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you no longer have this kind of problem, by clicking the image below:

    20 February 2008 01:07:46

    Hello, I can't quit ToolCleaner: Impossible de creer fichier c:/TCleaner.txt acces refusé

    What did I do wrong?

    Thanks, alp
    a b 8 Security
    20 February 2008 13:14:03

    Launch it by right-clicking and choosing Run as administrator
    21 February 2008 00:30:19


    Here is the report,

    -->- Recherche:

    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    As for System Restore, with Vista I don't have the same
    screens and it isn't worded the same way. I didn't do anything; I'm not sure.

    Thanks for your patience [:arslan:1]
    a b 8 Security
    21 February 2008 12:31:51

    It's no big deal about the restore ;)
    21 February 2008 23:05:19

    Can you explain to me why, when I leave the forum, a multitude of windows open? I end up closing them, but it's a bit maddening.

    Thanks
    a b 8 Security
    22 February 2008 17:29:06

    Windows?
    22 February 2008 18:43:25

    I mean tabs. The site's tab opens repeatedly, about 25 times.
    22 February 2008 18:45:07

    And when I shut down the computer, I get the following message:
    application n'a pas réussi à s'initialiser 0xc0000142

    Thanks
    a b 8 Security
    23 February 2008 11:47:24

    Can you take a screen?
    23 February 2008 18:52:00

    What's a screen?