The famous yellow triangle saying you're infected

Tags:
  • Internet Explorer
  • Security
15 October 2007 19:18:17

Hello everyone, I've read the replies about this famous triangle announcing that you're infected, and I saw that you have to post your log, so thanks to the community for the help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:24, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7816 bytes

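Before the helper's reply, a worked example of the triage an analyst does by eye on a log like the one above. This is an added example, not part of the thread and not code from HijackThis, SmitfraudFix or ComboFix. It parses lines in HijackThis's `Oxx - ...` shape and flags three things: an `O1` hosts entry that pins a real domain to a non-loopback address (the hosts file is consulted before DNS, so such an entry overrides name resolution whatever address it points to), load points whose file is gone (`(no file)` / `(file missing)`), and a single DLL registered under several load points at once (BHO, IE toolbar and Winlogon Notify together is the pattern seen in this log for hiwgosar.dll). The sample lines are copied from the log above; the severity labels, the rule set and the function names are this example's own choices.

```python
"""Triage of a HijackThis-style log: flag the load points worth a second look."""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: a handful of lines in the shape of the log posted above
# (the entry texts are taken from that log; the selection is ours).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A drive-letter path ending in a DLL/EXE/SYS name; lazy so the first such
# extension ends the match even when directory names contain dots.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")
# Load points at which a third-party DLL runs inside Internet Explorer or
# inside winlogon.exe itself (section codes are HijackThis's own).
DLL_LOAD_POINTS = {"O2": "BHO", "O3": "IE toolbar", "O20": "Winlogon Notify"}


def parse_entries(log_text):
    """Yield (section, body) for every 'Rx - ...' / 'Oxx - ...' line; skip headers."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def is_loopback(ip_text):
    """True for 127.0.0.0/8 and ::1; False for anything else or unparsable text."""
    try:
        return ip_address(ip_text).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of findings ({section, severity, reason, entry}), in log order,
    followed by the cross-entry finding for DLLs seen at several load points."""
    findings = []
    dll_sightings = defaultdict(set)  # lower-cased DLL path -> set of sections

    for section, body in parse_entries(log_text):
        if section == "O1" and body.startswith("Hosts:"):
            parts = body.split()
            # Any non-loopback mapping is flagged: whatever the address belongs to,
            # a static hosts entry for a popular domain overrides DNS resolution.
            if len(parts) >= 3 and not is_loopback(parts[1]):
                findings.append({"section": section, "severity": "high",
                                 "reason": f"hosts file pins {parts[2]} to {parts[1]} (bypasses DNS)",
                                 "entry": body})
            continue
        if any(marker in body for marker in MISSING_MARKERS):
            findings.append({"section": section, "severity": "low",
                             "reason": "load point references a file that no longer exists (orphan, clean up)",
                             "entry": body})
            continue
        if section in DLL_LOAD_POINTS:
            m = PATH_RE.search(body)
            if m:
                dll_sightings[m.group(0).lower()].add(section)

    for path, sections in dll_sightings.items():
        if len(sections) >= 2:
            ordered = sorted(sections, key=lambda s: int(s[1:]))
            names = ", ".join(DLL_LOAD_POINTS[s] for s in ordered)
            findings.append({"section": "+".join(ordered), "severity": "high",
                             "reason": f"{path} is registered at {len(sections)} load points ({names})",
                             "entry": path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<4}] {f['section']:<9} {f['reason']}")
```

Run against the sample, the script reports the hosts entry for www.google.fr, the two orphaned load points, and hiwgosar.dll registered as BHO, IE toolbar and Winlogon Notify at once; ssv.dll (Java's BHO) and the `::1 localhost` line are left alone. The multi-load-point rule is what makes a random-looking name in system32 stand out without a signature: a legitimate component rarely needs to hook winlogon.exe and the browser at the same time.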

15 October 2007 19:20:01

Hello,

Download SmitfraudFix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be shown).
Choose Option 1 (Search)
Post the first report here.

**If the link doesn't work, click here**
15 October 2007 19:41:08

Thanks for the quick reply:

SmitFraudFix v2.240

Report made at 19:40:07,40, 15/10/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Hosts file corrupted!

127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org #[IE-SpyAd]
127.0.0.1 www.www.microsoft.com.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stef\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{61C3116F-DFBD-422F-A71A-74E8D890BEF4}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61C3116F-DFBD-422F-A71A-74E8D890BEF4}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{61C3116F-DFBD-422F-A71A-74E8D890BEF4}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection search


»»»»»»»»»»»»»»»»»»»»»»»» End

15 October 2007 19:45:23

Re,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report in your next reply.

    NOTE: The report is also found here: C:\Combofix.txt
15 October 2007 19:50:41

Re,

ComboFix 07-10-12.4 - stef 2007-10-15 19:47:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1492 [GMT 2:00]
Running from: C:\Documents and Settings\stef\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hammer.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Files created 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.

2007-10-15 19:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 19:40 2,082 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-15 19:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-15 19:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-15 19:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-15 19:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-15 19:39 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-15 19:02 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 11:28 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-10-15 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xentient
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\VS80-KB925674-X86
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP001.TMP
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP000.TMP
2007-10-15 04:24 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-14 20:25 <REP> d-------- C:\Documents and Settings\stef\Application Data\OpenOffice.org2
2007-10-14 20:23 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-14 18:20 <REP> d-------- C:\Documents and Settings\stef\Application Data\Symantec
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\pw32a.dll
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\patchw32.dll
2007-10-14 18:09 <REP> d-------- C:\Program Files\Symantec
2007-10-14 18:09 <REP> d-------- C:\Program Files\Norton Ghost
2007-10-14 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-14 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-14 18:09 131,808 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-10-14 18:09 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-10-14 18:09 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2007-10-14 18:09 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-10-14 18:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-10-14 18:09 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-10-14 16:40 <REP> d-------- C:\Documents and Settings\stef\Application Data\Ahead
2007-10-14 15:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\Lavasoft
2007-10-14 15:26 389,184 --a------ C:\WINDOWS\system32\oqinlokh.exe
2007-10-14 15:26 339,968 --a------ C:\WINDOWS\system32\hiwgosar.dll
2007-10-13 22:20 <REP> d-------- C:\WINDOWS\Sun
2007-10-13 22:19 <REP> d-------- C:\Program Files\Java
2007-10-13 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-13 22:17 <REP> d-------- C:\Program Files\Azureus
2007-10-13 20:14 <REP> d-------- C:\Program Files\Ubisoft
2007-10-13 20:08 <REP> d-------- C:\Program Files\fraps
2007-10-13 20:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-13 19:56 <REP> d-------- C:\Program Files\eMule
2007-10-13 19:52 <REP> d-------- C:\Documents and Settings\stef\Application Data\Canon
2007-10-13 19:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-13 19:52 140,288 --a------ C:\WINDOWS\system32\CNMLM7M.DLL
2007-10-13 19:52 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-13 19:52 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-13 19:52 8,704 --a------ C:\WINDOWS\system32\CNMVS7M.DLL
2007-10-13 19:50 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-10-13 19:50 221,184 --a------ C:\WINDOWS\system32\CNCC800.DLL
2007-10-13 19:50 139,264 --a------ C:\WINDOWS\system32\CNCL800.DLL
2007-10-13 19:50 77,824 --a------ C:\WINDOWS\system32\CNCA800.DLL
2007-10-13 19:50 69,632 --a------ C:\WINDOWS\system32\CNCI800.DLL
2007-10-13 19:50 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-10-13 19:42 <REP> d-------- C:\Program Files\Canon
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\stef\Application Data\Azureus
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-13 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Documents and Settings\stef\Application Data\DAEMON Tools Pro
2007-10-13 17:56 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-13 17:54 <REP> d-------- C:\Documents and Settings\stef\.homejukebox
2007-10-13 17:53 <REP> d-------- C:\Program Files\Home Jukebox
2007-10-13 17:48 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-10-13 17:48 <REP> d-------- C:\Documents and Settings\stef\Application Data\teamspeak2
2007-10-13 17:43 <REP> d-------- C:\Documents and Settings\stef\Application Data\Media Player Classic
2007-10-13 17:41 <REP> d-------- C:\Program Files\adslTV
2007-10-13 17:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\vlc
2007-10-13 17:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-13 16:49 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Program Files\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-10-13 16:23 <REP> d-------- C:\Documents and Settings\stef\WINDOWS
2007-10-13 16:23 297,472 --a------ C:\WINDOWS\uninst.exe
2007-10-13 16:14 59,392 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\stef\Application Data\Logitech
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-13 16:13 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-13 16:13 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-10-13 16:13 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-10-13 16:13 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\stef\Application Data\InstallShield
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-13 16:09 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-10-13 16:09 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-10-13 16:09 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-10-13 16:09 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-10-13 16:05 <REP> d-------- C:\Program Files\Logitech
2007-10-13 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-13 16:01 1,287 --a------ C:\WINDOWS\mozver.dat
2007-10-13 15:43 <REP> d-------- C:\Program Files\IncrediMail
2007-10-13 15:37 <REP> d-------- C:\Program Files\quicken
2007-10-13 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 15:06 <REP> d-------- C:\Program Files\MSBuild
2007-10-13 15:05 <REP> d-------- C:\WINDOWS\system32\XPSViewer

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 16:37 --------- d-----w C:\Program Files\Ad-Aware
2007-10-14 14:14 --------- d-----w C:\Program Files\Spybot
2007-10-13 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-13 02:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\stef\Application Data\ATI
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-10-12 20:23 --------- d-----w C:\Program Files\ATI Technologies
2007-10-12 20:21 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-12 19:21 --------- d-----w C:\Documents and Settings\stef\Application Data\Xentient
2007-10-12 19:20 --------- d-----w C:\Program Files\Styler
2007-10-12 19:20 --------- d-----w C:\Documents and Settings\stef\Application Data\Styler
2007-10-12 19:19 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-12 19:18 --------- d-----w C:\Program Files\Cener Development
2007-10-12 19:12 --------- d-----w C:\Program Files\Windows Live
2007-10-12 19:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-12 19:12 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-12 19:11 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-10-12 19:11 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2007-10-12 19:11 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2007-10-12 19:11 --------- d-----w C:\Program Files\Nero
2007-10-12 19:11 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-12 19:11 --------- d-----r C:\Program Files\Windows Sidebar
2007-10-12 19:06 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-12 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-02 14:32 4,613,120 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-27 12:20 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-09-15 01:23 169,856 ----a-w C:\WINDOWS\system32\drivers\atinavt2.sys
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 17:28 --------- d-----w C:\Program Files\MSN Messenger
2007-08-03 11:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 15:51 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-07-26 16:06 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-07-26 15:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-07-25 13:24 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
.

((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-14 15:26 339968 --a------ C:\WINDOWS\system32\hiwgosar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hiwgosar.dll [2007-10-14 15:26 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hiwgosar.dll [2007-10-14 15:26 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 15:00]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37]
"TransBar"="C:\WINDOWS\system32\transbar.exe" [2004-08-28 15:00]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-10-12 21:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 C:\WINDOWS\RTHDCPL.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-07-31 17:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 15:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"AWMON"="C:\Program Files\Ad-Aware\Ad-Watch.exe" [2005-05-25 13:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"nltide2"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hiwgosar]
hiwgosar.dll 2007-10-14 15:26 339968 C:\WINDOWS\system32\hiwgosar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
ljjheee.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 Jraid;Jraid;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-10-15 17:41:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 19:49:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 19:50:04 - machine was rebooted
.
--- E O F ---
15 October 2007 19:53:48

Post another HijackThis log.
15 October 2007 19:56:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
    O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7291 bytes
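As an added example (not code from the thread or from HijackThis), here is a small Python triage of the O2/O3/O20 lines of the log above: it groups every in-process load point by the DLL it loads and flags what the helper spotted by eye, one DLL (hiwgosar.dll) registered as an unnamed BHO, as an IE toolbar and as a Winlogon Notify package, plus the orphaned entries whose file is gone. The sample lines are copied from the posted log; the section names and flag wording are my own.

```python
import re
from collections import defaultdict

# Constructed sample: the O2/O3/O20 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
"""

# HijackThis reports in-process DLL load points in (among others) three sections:
#   O2  Browser Helper Object    "O2 - BHO: <name> - {CLSID} - <path>"
#   O3  IE toolbar               "O3 - Toolbar: <name> - {CLSID} - <path>"
#   O20 Winlogon Notify package  "O20 - Winlogon Notify: <name> - <path>"
ENTRY_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"),
}
# HijackThis appends these when the registered file does not exist on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per O2/O3/O20 line: section, name, clsid, path, present."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in ENTRY_RE.items():
            m = rx.match(line)
            if not m:
                continue
            path = m.group("path").strip()
            present = not any(marker in path for marker in MISSING_MARKERS)
            for marker in MISSING_MARKERS:          # keep the bare file name for grouping
                path = path.replace(marker, "").strip()
            entries.append({"section": section, "name": m.group("name"),
                            "clsid": m.groupdict().get("clsid"),
                            "path": path, "present": present})
            break
    return entries


def dll_key(path):
    """Case-insensitive file name: the same DLL shows up as system32 and SYSTEM32 above."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower() if path else ""


def triage(log_text):
    """Group the load points by DLL and return only the DLLs that earn at least one flag."""
    by_dll = defaultdict(lambda: {"sections": set(), "clsids": set(), "reasons": set()})
    for e in parse_entries(log_text):
        rec = by_dll[dll_key(e["path"]) or "(no file)"]
        rec["sections"].add(e["section"])
        if e["clsid"]:
            rec["clsids"].add(e["clsid"])
        if not e["present"]:
            rec["reasons"].add("orphaned entry: file missing on disk")
        if e["section"] == "O2" and e["name"] == "(no name)" and e["present"]:
            rec["reasons"].add("unnamed BHO backed by a real file")
        if e["section"] == "O20":
            rec["reasons"].add("loaded into winlogon.exe via Winlogon Notify")
    flagged = {}
    for key, rec in by_dll.items():
        if len(rec["sections"]) >= 2:
            rec["reasons"].add("same DLL registered at %d load points" % len(rec["sections"]))
        if rec["reasons"]:
            flagged[key] = {"sections": sorted(rec["sections"]),
                            "clsids": sorted(rec["clsids"]),
                            "reasons": sorted(rec["reasons"])}
    return flagged


if __name__ == "__main__":
    for dll, info in sorted(triage(SAMPLE_LOG).items()):
        print(dll, info["sections"], "CLSIDs:", info["clsids"])
        for reason in info["reasons"]:
            print("   -", reason)
```

The two CLSIDs collected for hiwgosar.dll are exactly the keys the helper later deletes in the CFScript, so the grouping doubles as a checklist for the cleanup.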
    15 October 2007 20:47:43

    Re,

    - Make sure you can see hidden files and folders
    -> Start
    -> Control Panel
    -> Folder Options, View tab:
    . Click Show hidden files and folders
    . Untick Hide extensions for known file types
    . Untick Hide protected operating system files


    Go to S!ri's site
    Click Browse... then open:

    C:\WINDOWS\SYSTEM32\hiwgosar.dll

    Then click Upload.
    15 October 2007 20:51:22

    ok, done captain :)
    15 October 2007 21:17:25

    Re,

    Now we remove it :)

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\hiwgosar.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hiwgosar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the ComboFix.txt report together with a HijackThis log.
    NOTE: If there is no reboot, post the requested reports anyway.
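Before running a script like the one above it is worth knowing exactly what it asks ComboFix to do. The following dry-run parser is an added example (not ComboFix code and not part of the thread): it reads the File:: and Registry:: sections and lists the intended actions, using the .reg convention that `[-KEY]` deletes a whole key and `"name"=-` deletes one value; the `~` in the first key is a ComboFix shorthand that is passed through unexpanded. Run on the script above it shows that the second Registry:: directive deletes the entire HKLM Internet Explorer\Toolbar key (so the value line under it is moot and every toolbar registered there goes with it), which matches the absence of any O3 line in the HijackThis log posted after the fix.

```python
# Constructed: the CFScript posted above, reproduced verbatim.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\hiwgosar.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hiwgosar]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
"""


def parse_cfscript(text):
    """Translate a CFScript into a list of (action, target) tuples without touching anything.

    Sections are introduced by a line ending in "::".  The Registry:: section uses
    .reg syntax: "[-KEY]" deletes the whole key, "[KEY]" selects it, and a following
    '"name"=-' deletes that single value.  A value line under a "[-KEY]" header is
    reported as "moot_value": the key it lives in is already being deleted outright.
    The "~" shorthand ComboFix accepts in key paths is left as-is (not expanded here).
    """
    actions, section, key, key_deleted = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "file":
            actions.append(("delete_file", line))
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            key_deleted = line[1] == "-"
            key = line[2:-1] if key_deleted else line[1:-1]
            if key_deleted:
                actions.append(("delete_key", key))
        elif section == "registry" and key is not None and "=" in line:
            name, _, value = line.partition("=")
            target = key + "\\" + name.strip().strip('"')
            if value.strip() == "-":
                actions.append(("moot_value" if key_deleted else "delete_value", target))
            else:
                actions.append(("set_value", target + "=" + value.strip()))
        else:
            actions.append(("unrecognised", line))
    return actions


def summarize(actions):
    """Count actions by kind so a reviewer sees at a glance how far the script reaches."""
    counts = {}
    for kind, _ in actions:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    acts = parse_cfscript(CFSCRIPT)
    for kind, target in acts:
        print("%-12s %s" % (kind, target))
    print(summarize(acts))
```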
    15 October 2007 21:29:59

    there was a reboot :bounce:

    here's ComboFix:

    ComboFix 07-10-12.4 - stef 2007-10-15 21:24:15.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1070 [GMT 2:00]
    Running from: C:\Documents and Settings\stef\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\stef\Bureau\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\hiwgosar.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\hiwgosar.dll
    C:\WINDOWS\system32\hiwgosar.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-15 20:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-15 20:44 <REP> C:\WINDOWS\LastGood.Tmp
    2007-10-15 19:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-15 19:40 2,082 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-15 19:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-15 19:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-15 19:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-15 19:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-15 19:39 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-15 19:02 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-15 11:28 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2007-10-15 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xentient
    2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\VS80-KB925674-X86
    2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP001.TMP
    2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP000.TMP
    2007-10-15 04:24 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-10-14 20:25 <REP> d-------- C:\Documents and Settings\stef\Application Data\OpenOffice.org2
    2007-10-14 20:23 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2007-10-14 18:20 <REP> d-------- C:\Documents and Settings\stef\Application Data\Symantec
    2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\pw32a.dll
    2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\patchw32.dll
    2007-10-14 18:09 <REP> d-------- C:\Program Files\Symantec
    2007-10-14 18:09 <REP> d-------- C:\Program Files\Norton Ghost
    2007-10-14 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-14 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-14 18:09 131,808 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
    2007-10-14 18:09 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
    2007-10-14 18:09 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2007-10-14 18:09 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
    2007-10-14 18:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2007-10-14 18:09 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
    2007-10-14 16:40 <REP> d-------- C:\Documents and Settings\stef\Application Data\Ahead
    2007-10-14 15:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\Lavasoft
    2007-10-14 15:26 389,184 --a------ C:\WINDOWS\system32\oqinlokh.exe
    2007-10-13 22:20 <REP> d-------- C:\WINDOWS\Sun
    2007-10-13 22:19 <REP> d-------- C:\Program Files\Java
    2007-10-13 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2007-10-13 22:17 <REP> d-------- C:\Program Files\Azureus
    2007-10-13 20:14 <REP> d-------- C:\Program Files\Ubisoft
    2007-10-13 20:08 <REP> d-------- C:\Program Files\fraps
    2007-10-13 20:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-13 19:56 <REP> d-------- C:\Program Files\eMule
    2007-10-13 19:52 <REP> d-------- C:\Documents and Settings\stef\Application Data\Canon
    2007-10-13 19:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-13 19:52 140,288 --a------ C:\WINDOWS\system32\CNMLM7M.DLL
    2007-10-13 19:52 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-10-13 19:52 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-10-13 19:52 8,704 --a------ C:\WINDOWS\system32\CNMVS7M.DLL
    2007-10-13 19:50 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
    2007-10-13 19:50 221,184 --a------ C:\WINDOWS\system32\CNCC800.DLL
    2007-10-13 19:50 139,264 --a------ C:\WINDOWS\system32\CNCL800.DLL
    2007-10-13 19:50 77,824 --a------ C:\WINDOWS\system32\CNCA800.DLL
    2007-10-13 19:50 69,632 --a------ C:\WINDOWS\system32\CNCI800.DLL
    2007-10-13 19:50 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
    2007-10-13 19:42 <REP> d-------- C:\Program Files\Canon
    2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\stef\Application Data\Azureus
    2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-10-13 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2007-10-13 18:01 <REP> d-------- C:\Program Files\DAEMON Tools Pro
    2007-10-13 18:01 <REP> d-------- C:\Documents and Settings\stef\Application Data\DAEMON Tools Pro
    2007-10-13 17:56 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-13 17:54 <REP> d-------- C:\Documents and Settings\stef\.homejukebox
    2007-10-13 17:53 <REP> d-------- C:\Program Files\Home Jukebox
    2007-10-13 17:48 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-10-13 17:48 <REP> d-------- C:\Documents and Settings\stef\Application Data\teamspeak2
    2007-10-13 17:43 <REP> d-------- C:\Documents and Settings\stef\Application Data\Media Player Classic
    2007-10-13 17:41 <REP> d-------- C:\Program Files\adslTV
    2007-10-13 17:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\vlc
    2007-10-13 17:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-10-13 16:49 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
    2007-10-13 16:49 <REP> d-------- C:\Program Files\ACD Systems
    2007-10-13 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
    2007-10-13 16:23 <REP> d-------- C:\Documents and Settings\stef\WINDOWS
    2007-10-13 16:23 297,472 --a------ C:\WINDOWS\uninst.exe
    2007-10-13 16:14 59,392 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\stef\Application Data\Logitech
    2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2007-10-13 16:13 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2007-10-13 16:13 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
    2007-10-13 16:13 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2007-10-13 16:13 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\stef\Application Data\InstallShield
    2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2007-10-13 16:09 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2007-10-13 16:09 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2007-10-13 16:09 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2007-10-13 16:09 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2007-10-13 16:05 <REP> d-------- C:\Program Files\Logitech
    2007-10-13 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-10-13 16:01 1,287 --a------ C:\WINDOWS\mozver.dat
    2007-10-13 15:43 <REP> d-------- C:\Program Files\IncrediMail
    2007-10-13 15:37 <REP> d-------- C:\Program Files\quicken
    2007-10-13 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-13 15:06 <REP> d-------- C:\Program Files\MSBuild

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 16:37 --------- d-----w C:\Program Files\Ad-Aware
    2007-10-14 14:14 --------- d-----w C:\Program Files\Spybot
    2007-10-13 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-10-13 02:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-10-12 20:29 --------- d-----w C:\Documents and Settings\stef\Application Data\ATI
    2007-10-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
    2007-10-12 20:23 --------- d-----w C:\Program Files\ATI Technologies
    2007-10-12 20:21 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-12 19:21 --------- d-----w C:\Documents and Settings\stef\Application Data\Xentient
    2007-10-12 19:20 --------- d-----w C:\Program Files\Styler
    2007-10-12 19:20 --------- d-----w C:\Documents and Settings\stef\Application Data\Styler
    2007-10-12 19:19 --------- d-----w C:\Program Files\MSXML 6.0
    2007-10-12 19:18 --------- d-----w C:\Program Files\Cener Development
    2007-10-12 19:12 --------- d-----w C:\Program Files\Windows Live
    2007-10-12 19:12 --------- d-----w C:\Program Files\microsoft frontpage
    2007-10-12 19:12 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
    2007-10-12 19:11 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
    2007-10-12 19:11 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
    2007-10-12 19:11 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
    2007-10-12 19:11 --------- d-----w C:\Program Files\Nero
    2007-10-12 19:11 --------- d-----w C:\Program Files\MSXML 4.0
    2007-10-12 19:11 --------- d-----r C:\Program Files\Windows Sidebar
    2007-10-12 19:06 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-10-12 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-02 14:32 4,613,120 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
    2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2007-09-27 12:20 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.EXE
    2007-09-15 01:23 169,856 ----a-w C:\WINDOWS\system32\drivers\atinavt2.sys
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-17 17:28 --------- d-----w C:\Program Files\MSN Messenger
    2007-08-03 11:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-29 15:51 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2007-07-26 16:06 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
    2007-07-26 15:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
    2007-07-25 13:24 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-15_19.49.50.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2006-03-20 11:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2006-03-20 11:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-10-15 19:27:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a20.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 15:00]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37]
    "TransBar"="C:\WINDOWS\system32\transbar.exe" [2004-08-28 15:00]
    "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48]
    "Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-10-12 21:11]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 C:\WINDOWS\RTHDCPL.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-07-31 17:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 15:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "AWMON"="C:\Program Files\Ad-Aware\Ad-Watch.exe" [2005-05-25 13:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe
    "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    "nltide2"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N
    "nltide_2"=regsvr32 /s /n /i:U shell32
    "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"=1 (0x1)
    "NoSMHelp"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"=1 (0x1)
    "NoSMHelp"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R0 Jraid;Jraid;C:\WINDOWS\system32\DRIVERS\jraid.sys
    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-15 17:52:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-15 21:27:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-15 21:27:39 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-15 19:50
    .
    --- E O F ---




    and here's the other one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:29, on 15/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\styler\Styler.exe
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ad-Aware\Ad-Watch.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7006 bytes


    thanks for your time
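
Added example, not code from this thread or from HijackThis itself: a small Python triage of the O4/O16/O23 entries in a log like the one posted above, flagging the items a helper would look at first (indirect launchers, autoruns outside the usual install roots, services with an unknown publisher or a missing file, ActiveX fetched over plain HTTP). It assumes the XP install roots listed in TRUSTED_ROOTS; the sample log is constructed from lines of this thread plus one invented [Updater] entry.

```python
import re

# Constructed sample in the shape of the HijackThis log posted above; the [Updater]
# line is invented to show an autorun entry living outside the usual install roots.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\bob\Local Settings\Temp\upd.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\progra~1", "%systemroot%")  # assumed for this XP box

def executable_of(cmd: str) -> str:
    """Program an O4 command line starts: the quoted path, a bare .exe path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd if cmd.lower().endswith(".exe") else cmd.split(" ", 1)[0]

def triage(log_text: str) -> list[dict]:
    """Parse O4/O16/O23 lines and attach review flags; one dict per recognised entry."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RE.match(line):
            exe, flags = executable_of(m["cmd"]), []
            if "\\" not in exe:  # cmd.exe, rundll32, regsvr32: the real target hides in the arguments
                flags.append("indirect launcher, inspect arguments")
            elif not exe.lower().startswith(TRUSTED_ROOTS):
                flags.append("runs outside trusted roots")
            entries.append({"section": "O4", "name": m["name"], "target": exe, "flags": flags})
        elif m := O23_RE.match(line):
            name, owner, path = m["rest"].rsplit(" - ", 2)
            flags = (["unknown publisher, verify vendor"] if owner == "Unknown owner" else []) + (
                ["file missing, stale or tampered entry"] if "(file missing)" in path else [])
            entries.append({"section": "O23", "name": name, "target": path, "flags": flags})
        elif m := O16_RE.match(line):
            flags = ["ActiveX fetched over plain HTTP"] if m["url"].startswith("http://") else []
            entries.append({"section": "O16", "name": m["name"], "target": m["url"], "flags": flags})
    return entries

if __name__ == "__main__":
    for e in (x for x in triage(SAMPLE_LOG) if x["flags"]):
        print(f'{e["section"]} {e["name"]!r}: {", ".join(e["flags"])}')
```

Entries without flags (such as ctfmon.exe under C:\WINDOWS) are kept in the result but not printed, so the list of unflagged items is still available for a full review.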

    a b 8 Security
    15 October 2007 21:31:29

    Better?
    15 October 2007 21:36:01

    Brilliant, the triangle is gone, and so are the security bar in Internet Explorer and the 2 junk shortcuts on the desktop for a so-called super anti-spyware.

    I'm 35, and it's thanks to guys like you on the forums who help me out that I haven't given up on computers, because problems are frequent thanks to guys who have nothing better to do than wreck people's machines.
    THANKS again, THANKS, and long live this forum.

    PS: could you tell me which antivirus you consider the best at the moment? Thanks.
    a b 8 Security
    15 October 2007 21:38:52

    Quote:
    PS: could you tell me which antivirus you consider the best at the moment? Thanks.

    Paid: Nod32 - Kaspersky
    Free: AntiVir