[Solved] Intrusive ads "ads served by adssite" - Security - Virus
Subject: [Solved] Intrusive ads "ads served by adssite"
 
Profile: IDNaute

Hello, :)

For several days now, when I browse normally with Firefox, intrusive "Ads served by adssite" ads open!
So I ran Ad-Aware SE Personal and Spybot on Windows and in safe mode; they removed several pieces of junk for me (I should point out that I had unchecked "System Restore" before going into safe mode).
I then uninstalled Ad-Aware SE Personal to install Ad-Aware 2007 and repeated the same steps as before, but it is still the same and the ads are still there!

I would add that the programs I used are all updated daily. I'm a bit lost and don't know what to do anymore,

thanks in advance! ;)


Message edited by Oneill35 on 19-12-2007 at 14:55:53

Profile: IDNaute

Nobody to help me solve this problem?
Thanks in advance.

Profile: Helper

Hello

Download HijackThis v2.0.2
http://www.trendsecure.com/portal/ [...] ckThis.exe
Illustrated demo
http://perso.orange.fr/rginformati [...] hijack.htm

Run a scan and post the analysis here.


---------------
The best antivirus is you
Got a problem? Create your own post!
Profile: IDNaute

Hello,

I think I have solved my problem thanks to Spyware Doctor; it removed Ads served by adssite for me.
However, if it is still there, I will post the HijackThis analysis.
Thanks anyway!

Profile: IDNaute

It is still there, here is the HijackThis log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:05, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
--
End of file - 7726 bytes
 
Thanks

Profile: Helper

Hello

I suspected that Spyware Doctor would not be enough.

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis log.


Profile: IDNaute

Hello,

Here is the ComboFix report:
 
ComboFix 07-12-09.1 - Matthieu 2007-12-11 17:00:58.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.157 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\ComboFix.exe
 * Created a new restore point
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\nsj17B.dll
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-11 to 2007-12-11  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-11 12:09 . 2007-12-11 12:09 59,223 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-10 19:52 . 2007-12-10 19:52 303,104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-09 11:31 . 2007-12-09 14:05 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-09 11:31 . 2007-12-09 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2007-12-09 11:31 . 2007-12-09 11:32 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-09 11:31 . 2007-12-09 11:32 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-09 11:31 . 2007-12-09 11:32 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-09 11:31 . 2007-12-09 11:32 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-08 18:03 . 2007-12-08 18:03 <REP> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-12-08 14:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-07 19:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-06 19:32 . 2007-12-08 12:37 <REP> d-------- C:\Program Files\Trend Micro
2007-12-06 17:23 . 2007-12-07 20:14 <REP> d-------- C:\Program Files\Lavasoft
2007-12-05 20:13 . 2007-12-05 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-05 15:44 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-05 15:44 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Common Files
2007-12-05 15:28 . 2007-12-05 15:29 79,868 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-12-05 15:28 . 2007-12-05 16:48 40,737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-01 18:19 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-01 18:18 . 2007-12-01 18:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-01 18:15 . 2007-12-08 15:04 <REP> d-------- C:\Program Files\Windows Live
2007-12-01 18:15 . 2007-12-01 18:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 18:15 . 2007-12-08 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM
2007-12-01 13:08 . 2005-07-13 16:38 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
2007-12-01 13:08 . 2005-07-13 16:38 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.sys
2007-12-01 13:07 . 2005-07-13 16:37 260,608 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.sys
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmpF9CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp3EBB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp22CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp08CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp06CB2.FOT
2007-12-01 11:40 . 2007-07-19 01:39 490,776 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-11-28 15:00 . 2007-11-28 15:00 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-28 15:00 . 2007-12-08 18:03 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-28 15:00 . 2007-11-28 15:00 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-28 14:57 . 2007-11-28 14:57 <REP> d-------- C:\Program Files\Aspyr Media, Inc
2007-11-22 19:05 . 2007-11-22 19:05 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-11-22 19:05 . 2007-11-22 19:07 18,043 --a------ C:\WINDOWS\War3Unin.dat
2007-11-22 19:05 . 2007-11-22 19:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-22 19:02 . 2007-11-24 11:39 <REP> d-------- C:\Program Files\Warcraft III
2007-11-21 19:58 . 2007-11-21 20:07 <REP> d-------- C:\Program Files\Yahoo!
2007-11-17 11:18 . 2007-11-28 15:40 <REP> d-------- C:\Program Files\THQ
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:54 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-08 14:37 --------- d-----w C:\Program Files\Lx_cats
2007-12-08 14:06 --------- d-----w C:\Program Files\MSN Messenger
2007-12-07 19:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-05 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 12:17 --------- d-----w C:\Program Files\Wanadoo
2007-12-01 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 18:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-28 14:55 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-11-28 14:50 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army Server Manager
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army
2007-11-28 14:39 --------- d-----w C:\Program Files\CamStudio
2007-11-10 14:37 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-06 12:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2007-11-01 15:36 --------- d-----w C:\Program Files\iWebAlbum
2007-10-25 16:07 --------- d-----w C:\Program Files\Sierra On-Line
2007-10-20 13:12 --------- d-----w C:\Program Files\iTunes
2007-10-20 13:12 --------- d-----w C:\Program Files\iPod
2007-10-20 08:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-10-18 15:43 --------- d-----w C:\Program Files\Opera
2007-10-18 15:40 --------- d-----w C:\Program Files\adslTV
2007-10-17 12:51 --------- d-----w C:\Program Files\Java
2007-10-17 12:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-10-15 15:51 --------- d-----w C:\Program Files\GIMP-2.0
2007-10-15 14:25 --------- d-----w C:\Program Files\The Learning Company
2007-10-14 13:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Notepad++
2007-10-14 12:32 --------- d-----w C:\Program Files\Notepad++
2007-09-30 16:52 157 ----a-w C:\UnInstall.dat
2007-09-30 14:45 545,280 ----a-w C:\WINDOWS\flashax.exe
2007-09-30 14:45 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-09-10 06:46 3,355,255 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-06-16 19:29 13,878 ----a-w C:\Documents and Settings\Administrateur\Menu Démarrer.zip
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-10 19:52 303104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"Tweak UI"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 15:21]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 01000000
"NoRecentDocsHistory"= 01000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
   C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-06-08 17:19 94208 --a------ C:\Program Files\Lexmark 2300 Series\ezprint.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
   C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
   C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-02-06 16:43 252704 --a--c--- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2005-05-05 00:24 200704 --a------ C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
   C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\QTTask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
   C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe  -osboot
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
   C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
   C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
   C:\PROGRA~1\Wanadoo\Watch.exe
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-21 17:21:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------  
 
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
.
**************************************************************************
 
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 17:06:19
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2007-12-11 17:07:32 - machine was rebooted
.
 --- E O F ---
 
 
 
And the HijackThis report:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
--
End of file - 8032 bytes
 
 
 
 
Thanks :)

Profile: Helper

Hello


Copy (Ctrl+C) the text below:
 
File::
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe  
C:\WINDOWS\system32\adssite_sidebar.dll  
C:\WINDOWS\system32\adssite-remove.exe  
C:\WINDOWS\system32\rightonadz-uninst.exe  
C:\WINDOWS\flashax.exe  
C:\WINDOWS\impborl.dll  
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]  
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}]

 
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
 
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
 
As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1, then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt


Profile: IDNaute

Re,
 
Here is the content of the scan:
 
ComboFix 07-12-09.1 - Matthieu 2007-12-11 17:33:14.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.106 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\CFScript.txt
 * Created a new restore point
 
FILE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-11 to 2007-12-11  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-09 11:31 . 2007-12-09 14:05 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-09 11:31 . 2007-12-09 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2007-12-09 11:31 . 2007-12-09 11:32 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-09 11:31 . 2007-12-09 11:32 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-09 11:31 . 2007-12-09 11:32 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-09 11:31 . 2007-12-09 11:32 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-08 18:03 . 2007-12-08 18:03 <REP> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-12-08 14:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-07 19:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-06 19:32 . 2007-12-08 12:37 <REP> d-------- C:\Program Files\Trend Micro
2007-12-06 17:23 . 2007-12-07 20:14 <REP> d-------- C:\Program Files\Lavasoft
2007-12-05 20:13 . 2007-12-05 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-05 15:44 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-05 15:44 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Common Files
2007-12-01 18:19 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-01 18:18 . 2007-12-01 18:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-01 18:15 . 2007-12-08 15:04 <REP> d-------- C:\Program Files\Windows Live
2007-12-01 18:15 . 2007-12-01 18:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 18:15 . 2007-12-08 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM
2007-12-01 13:08 . 2005-07-13 16:38 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
2007-12-01 13:08 . 2005-07-13 16:38 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.sys
2007-12-01 13:07 . 2005-07-13 16:37 260,608 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.sys
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmpF9CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp3EBB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp22CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp08CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp06CB2.FOT
2007-12-01 11:40 . 2007-07-19 01:39 490,776 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-11-28 15:00 . 2007-11-28 15:00 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-28 15:00 . 2007-12-08 18:03 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-28 15:00 . 2007-11-28 15:00 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-28 14:57 . 2007-11-28 14:57 <REP> d-------- C:\Program Files\Aspyr Media, Inc
2007-11-22 19:05 . 2007-11-22 19:05 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-11-22 19:05 . 2007-11-22 19:07 18,043 --a------ C:\WINDOWS\War3Unin.dat
2007-11-22 19:05 . 2007-11-22 19:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-22 19:02 . 2007-11-24 11:39 <REP> d-------- C:\Program Files\Warcraft III
2007-11-21 19:58 . 2007-11-21 20:07 <REP> d-------- C:\Program Files\Yahoo!
2007-11-17 11:18 . 2007-11-28 15:40 <REP> d-------- C:\Program Files\THQ
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:54 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-08 14:37 --------- d-----w C:\Program Files\Lx_cats
2007-12-08 14:06 --------- d-----w C:\Program Files\MSN Messenger
2007-12-07 19:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-05 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 12:17 --------- d-----w C:\Program Files\Wanadoo
2007-12-01 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 18:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-28 14:55 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-11-28 14:50 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army Server Manager
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army
2007-11-28 14:39 --------- d-----w C:\Program Files\CamStudio
2007-11-06 12:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2007-11-01 15:36 --------- d-----w C:\Program Files\iWebAlbum
2007-10-25 16:07 --------- d-----w C:\Program Files\Sierra On-Line
2007-10-20 13:12 --------- d-----w C:\Program Files\iTunes
2007-10-20 13:12 --------- d-----w C:\Program Files\iPod
2007-10-20 08:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-10-18 15:43 --------- d-----w C:\Program Files\Opera
2007-10-18 15:40 --------- d-----w C:\Program Files\adslTV
2007-10-17 12:51 --------- d-----w C:\Program Files\Java
2007-10-17 12:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-10-15 15:51 --------- d-----w C:\Program Files\GIMP-2.0
2007-10-15 14:25 --------- d-----w C:\Program Files\The Learning Company
2007-10-14 13:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Notepad++
2007-10-14 12:32 --------- d-----w C:\Program Files\Notepad++
2007-09-30 16:52 157 ----a-w C:\UnInstall.dat
2007-09-10 06:46 3,355,255 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-06-16 19:29 13,878 ----a-w C:\Documents and Settings\Administrateur\Menu Démarrer.zip
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
 
(((((((((((((((((((((((((((((   snapshot@2007-12-11_17.06.38.85   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-11 16:36:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_23c.dat
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"Tweak UI"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 15:21]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 01000000
"NoRecentDocsHistory"= 01000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
   C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-06-08 17:19 94208 --a------ C:\Program Files\Lexmark 2300 Series\ezprint.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
   C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
   C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-02-06 16:43 252704 --a--c--- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2005-05-05 00:24 200704 --a------ C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
   C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\QTTask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
   C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe  -osboot
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
   C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
   C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
   C:\PROGRA~1\Wanadoo\Watch.exe
 
*Newly Created Service* - ZDPNDIS5  
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-21 17:21:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------  
 
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
.
**************************************************************************
 
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 17:37:23
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2007-12-11 17:38:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-11 17:07
.
 --- E O F ---
 
 
Thanks!
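
A cross-check of the CFScript targets against the ComboFix report, as an added example that is not part of the thread or of ComboFix itself: for each `File::` entry it reports whether the report lists the path under "Autres suppressions" and whether the path still appears under "DLLs Loaded Under Running Processes". The function names and the embedded excerpts are constructed for illustration, and the English section title is an assumption.

```python
import re

# Constructed excerpts modelled on the CFScript and ComboFix report in this thread.
# impborl.dll is deliberately left out of the report to show the "not deleted" case.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\impborl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
"""
REPORT = r"""((((((((   Autres suppressions   ))))))))
.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
C:\WINDOWS\system32\adssite_sidebar.dll
.
--------- DLLs Loaded Under Running Processes ---------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
"""
SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ((((   title   ))))
DELETION_TITLES = {"autres suppressions", "other deletions"}  # 2nd title: assumption

def norm(path):  # Windows paths compare case-insensitively
    return path.strip().lower()

def parse_cfscript(text):
    """Return {directive: [entries]} for the 'Name::' blocks of a CFScript."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            current = blocks.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return blocks

def parse_report(text):
    """Return (deleted paths, {dll: [processes]}) from a ComboFix report."""
    deleted, loaded, section, process = set(), {}, None, None
    for line in map(str.strip, text.splitlines()):
        title = SECTION.match(line)
        if title:
            section = title.group(1).lower()
        elif line.startswith("-") and "DLLs Loaded" in line:
            section = "loaded"
        elif section in DELETION_TITLES and re.match(r"[A-Za-z]:\\", line):
            deleted.add(norm(line))
        elif section == "loaded" and line.startswith("PROCESS:"):
            process = line[len("PROCESS:"):].split("[")[0].strip()
        elif section == "loaded" and line.startswith("->"):
            loaded.setdefault(norm(line[2:]), []).append(process)
    return deleted, loaded

def audit(cfscript, report):
    """Per File:: target: (path, listed as deleted?, processes still loading it)."""
    deleted, loaded = parse_report(report)
    return [(p, norm(p) in deleted, loaded.get(norm(p), []))
            for p in parse_cfscript(cfscript).get("File", [])]
```

A row that is both listed as deleted and still attributed to a running process, as the temp DLL under Explorer.EXE is here, is the one to re-check in a follow-up scan.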

Profile: Helper