How do I get rid of the gzmrt.dll virus (Windows Vista)


I don't know anything about this; my computer has slowed down a lot.

Thanks


(RESOLVED)


Message edited by picotine on 21-02-2008 at 23:11:39

BE PATIENT, AND DON'T USE THE ALERT BUTTON TO ASK FOR HELP!
AND SAY HELLO!
/that's done

Download and then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2



Hello, I apologize, I didn't mean to be abrupt at all. As for the alert, it was surely a mistake on my part; I just want someone to be kind enough to agree to help me.

I've attached my report. Thanks



Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 12:36:10, on 2008-02-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\brigitte\AppData\Local\Temp\wz67f5\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7959 bytes


Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.


Thanks, here is the report,


ComboFix 08-02-14.2 - brigitte 2008-02-14
8:53:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1153 [GMT -4:00]
Endroit: C:\Users\brigitte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETH21COG\ComboFix[1].exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 22:36 --------- d-----w C:\ProgramData\Apple Computer
2008-02-13 13:46 --------- d-----w C:\Program Files\Trend Micro
2008-02-12 23:20 --------- d-----w C:\ProgramData\Symantec
2008-02-12 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-12 22:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-12 22:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-12 22:53 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-12 22:53 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-12 22:53 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-12 22:53 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-12 22:53 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-12 22:53 6,656 ----a-w C:\Windows\System32\kbd106.dll
2008-02-12 22:53 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-12 22:53 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-12 22:53 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-12 22:53 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-12 22:53 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-12 22:53 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-12 22:53 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-12 22:53 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-12 22:53 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-12 22:53 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-12 22:53 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-12 22:53 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-12 22:53 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-12 22:53 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-12 22:53 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-12 22:53 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-12 22:53 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-12 22:53 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-12 22:53 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-12 22:53 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-12 22:53 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-12 22:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-12 22:51 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-12 22:51 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-12 22:51 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-12 22:51 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-12 22:51 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-12 22:51 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-12 22:51 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-12 22:51 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-12 22:51 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-12 22:51 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-12 22:51 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-12 22:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-12 22:51 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-12 22:51 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-12 22:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-12 22:51 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-12 22:51 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-12 22:49 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-12 22:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-12 22:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 22:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 22:49 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-12 22:39 --------- d-----w C:\Program Files\Alwil Software
2008-02-11 19:27 --------- d-----w C:\Users\brigitte\AppData\Roaming\LimeWire
2008-02-11 18:37 80,090 ----a-w C:\Windows\System32\adssite-remove.exe
2008-02-11 18:37 40,724 ----a-w C:\Windows\System32\rightonadz-uninst.exe
2008-02-11 18:20 --------- d-----w C:\Users\brigitte\AppData\Roaming\WinBatch
2008-02-10 02:51 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-10 02:49 --------- d-----w C:\Program Files\MSBuild
2008-02-10 02:49 --------- d-----w C:\Program Files\Microsoft Works
2008-02-10 02:35 --------- d-----w C:\Program Files\LimeWire
2008-02-09 02:18 102 ----a-w C:\Users\brigitte\AppData\Roaming\wklnhst.dat
2008-02-08 00:47 --------- d-----w C:\Users\brigitte\AppData\Roaming\Template
2008-02-07 21:21 --------- d-----w C:\Program Files\QuickTime
2008-02-07 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 18:27 --------- d-----w C:\Program Files\Java
2008-02-03 18:10 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-02-03 18:03 --------- d-----w C:\ProgramData\LightScribe
2008-02-02 22:41 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-02 20:29 --------- d-----w C:\Users\brigitte\AppData\Roaming\Roxio
2008-02-02 20:16 --------- d-----w C:\ProgramData\Roxio
2008-02-02 05:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-01-31 20:06 --------- d-----w C:\Users\brigitte\AppData\Roaming\Apple Computer
2008-01-31 20:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-24 03:22 --------- d-----w C:\Program Files\OLYMPUS
2008-01-24 03:17 --------- d-----w C:\ProgramData\WinZip
2008-01-23 02:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 19:14 --------- d-----w C:\Program Files\Bonjour
2008-01-22 19:13 --------- d-----w C:\ProgramData\Apple
2008-01-22 19:13 --------- d-----w C:\Program Files\Apple Software Update
2008-01-18 00:11 --------- d-----w C:\Users\brigitte\AppData\Roaming\Hewlett-Packard
2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 03:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 03:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 03:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 01:37 --------- d-----w C:\ProgramData\Xerox
2008-01-10 01:00 --------- d-----w C:\ProgramData\OLYMPUS
2008-01-10 00:57 --------- d-----w C:\ProgramData\QuickTime
2008-01-10 00:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 09:48 --------- d---a-w C:\ProgramData\TEMP
2008-01-02 21:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 21:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 21:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 21:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 21:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:12 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 18:54 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-14 16:59 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 08:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 18:11 49152]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 18:54 54576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 15:10:02 394856]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-26 01:32:08 421888]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 10:52]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 05:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 08:43]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 04:13]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 00:56:05 C:\Windows\Tasks\HPCeeScheduleForbrigitte.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForbrigitte (null)
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 08:55:11
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-14 8:55:40
ComboFix-quarantined-files.txt 2008-02-14 12:55:38
.
2008-02-12 22:42:04 --- E O F ---


Post a HijackThis report again.


Here is the new report, thanks again.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:43:22, on 2008-02-15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Users\brigitte\AppData\Local\Temp\wze9b2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7636 bytes


Re,

Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir

Run a full scan, then post the report once the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus



Here is the result, thanks



AntiVir PersonalEdition Classic
Report file date: 15 février 2008 15:01

Scanning for 1110678 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-DE-BRIGITTE

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 18:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 17:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 20:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 17:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 19:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:58:01
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 18:58:01
ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 2008-02-15 18:58:01
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-15 18:58:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 15:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 12:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 18:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-15 18:58:04
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 12:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 17:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 12:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 16:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 17:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 17:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 14:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 15 février 2008 15:01

The scan of running processes will be started
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'FlashUtil9e.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'schtasks.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jureg.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'KbdStub.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
67 processes with 67 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <FACTORY_IMAGE>


End of the scan: 15 février 2008 15:21
Used time: 19:53 min

The scan has been done completely.

15443 Scanning directories
257666 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
257666 Files not concerned
1590 Archives were scanned
2 Warnings
10 Notes

Reply to picotine

Post a new HijackThis report.

Reply to Angeldark


Here is the report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:31, on 2008-02-16
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Users\brigitte\AppData\Local\Temp\wz1a05\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\Windows\system32\gzmrt.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nsiEEE9.dll
O2 - BHO: BrowsingSoftware - {B886C1F4-D1D3-45F5-F45E-75EB024320AC} - C:\Program Files\BrowsingSoftware\BrowsingSoftware-2.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\Windows\system32\mysidesearch_sidebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [postSetupCheck] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrt.dll" DllStart
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8016 bytes

Reply to picotine

Run another ComboFix scan.

Reply to Angeldark

Here is the new ComboFix report:

ComboFix 08-02-17.2 - brigitte 2008-02-17 10:27:22.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1186 [GMT -4:00]
Endroit: C:\Users\brigitte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MT7AI1KS\ComboFix[1].exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\nsiEEE9.dll
C:\Windows\system32\TEVPXCW60.DLL
C:\Windows\TDEVXCW60.DLL

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 21:49 --------- d-----w C:\Program Files\BrowsingSoftware
2008-02-16 02:51 80,090 ----a-w C:\Windows\System32\adssite-remove.exe
2008-02-16 02:51 40,724 ----a-w C:\Windows\System32\rightonadz-uninst.exe
2008-02-16 02:39 --------- d-----w C:\Users\brigitte\AppData\Roaming\LimeWire
2008-02-16 02:26 --------- d-----w C:\Users\brigitte\AppData\Roaming\TurboDemo
2008-02-16 02:10 --------- d-----w C:\Program Files\Microsoft Works
2008-02-15 18:47 --------- d-----w C:\ProgramData\Avira
2008-02-15 18:47 --------- d-----w C:\Program Files\Avira
2008-02-13 22:36 --------- d-----w C:\ProgramData\Apple Computer
2008-02-13 13:46 --------- d-----w C:\Program Files\Trend Micro
2008-02-12 23:20 --------- d-----w C:\ProgramData\Symantec
2008-02-12 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-12 22:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-12 22:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-12 22:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-12 22:49 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-12 22:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-12 22:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 22:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 22:49 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-12 22:39 --------- d-----w C:\Program Files\Alwil Software
2008-02-11 18:20 --------- d-----w C:\Users\brigitte\AppData\Roaming\WinBatch
2008-02-10 02:51 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-10 02:49 --------- d-----w C:\Program Files\MSBuild
2008-02-10 02:35 --------- d-----w C:\Program Files\LimeWire
2008-02-09 02:18 102 ----a-w C:\Users\brigitte\AppData\Roaming\wklnhst.dat
2008-02-08 00:47 --------- d-----w C:\Users\brigitte\AppData\Roaming\Template
2008-02-07 21:21 --------- d-----w C:\Program Files\QuickTime
2008-02-07 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 18:27 --------- d-----w C:\Program Files\Java
2008-02-03 18:10 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-02-03 18:03 --------- d-----w C:\ProgramData\LightScribe
2008-02-02 22:41 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-02 20:29 --------- d-----w C:\Users\brigitte\AppData\Roaming\Roxio
2008-02-02 20:16 --------- d-----w C:\ProgramData\Roxio
2008-02-02 05:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-01-31 20:06 --------- d-----w C:\Users\brigitte\AppData\Roaming\Apple Computer
2008-01-31 20:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-24 03:22 --------- d-----w C:\Program Files\OLYMPUS
2008-01-24 03:17 --------- d-----w C:\ProgramData\WinZip
2008-01-23 02:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 19:14 --------- d-----w C:\Program Files\Bonjour
2008-01-22 19:13 --------- d-----w C:\ProgramData\Apple
2008-01-22 19:13 --------- d-----w C:\Program Files\Apple Software Update
2008-01-18 00:11 --------- d-----w C:\Users\brigitte\AppData\Roaming\Hewlett-Packard
2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 03:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 03:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 03:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 01:37 --------- d-----w C:\ProgramData\Xerox
2008-01-10 01:00 --------- d-----w C:\ProgramData\OLYMPUS
2008-01-10 00:57 --------- d-----w C:\ProgramData\QuickTime
2008-01-10 00:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 09:48 --------- d---a-w C:\ProgramData\TEMP
2008-01-02 21:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 21:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 21:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 21:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 21:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 21:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 21:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 21:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 20:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 20:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 20:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
2008-01-02 20:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 20:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 20:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 20:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 20:37 184,320 ----a-w C:\Windows\System32\igfxres.dll
2008-01-02 20:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 20:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 20:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 20:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 20:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 20:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 20:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 20:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 20:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-29 21:06 --------- d-----w C:\Program Files\TRENDnet
2007-12-23 18:33 --------- d-----w C:\Users\brigitte\AppData\Roaming\muvee Technologies
2007-12-21 14:39 10,752 ----a-w C:\Windows\System32\WhoisCL.exe
2007-12-17 22:32 174 --sha-w C:\Program Files\desktop.ini
2007-12-17 22:28 --------- d-----w C:\Program Files\Windows Calendar
2007-12-17 22:22 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-17 22:22 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-17 22:22 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-17 22:22 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-17 22:22 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-17 22:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-17 22:22 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-17 22:22 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-17 22:22 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-17 22:22 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-17 22:22 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-12-17 22:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-17 22:19 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-17 22:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-17 22:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
C:\Windows\system32\gzmrt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
2007-12-30 16:48 1019904 --a------ C:\Program Files\BrowsingSoftware\BrowsingSoftware-3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:12 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 18:54 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-14 16:59 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 08:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 18:11 49152]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 18:54 54576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-15 14:58 249896]
"postSetupCheck"="C:\Windows\system32\gzmrt.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 15:10:02 394856]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-26 01:32:08 421888]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 05:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 08:43]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 04:13]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 00:56:05 C:\Windows\Tasks\HPCeeScheduleForbrigitte.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForbrigitte (null)
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 10:28:39
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-17 10:29:04
ComboFix-quarantined-files.txt 2008-02-17 14:29:02
ComboFix2.txt 2008-02-14 12:55:40
.
2008-02-14 17:56:28 --- E O F ---

Reply to picotine

Hello again,

Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:

File::
C:\Windows\System32\adssite-remove.exe
C:\Windows\System32\rightonadz-uninst.exe

Folder::
C:\Program Files\BrowsingSoftware

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"postSetupCheck"=-



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch ComboFix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.

Reply to Angeldark
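
Added illustration, not part of the original post and not ComboFix's own code: a Python check that parses the CFScript posted above and lists which of its targets a follow-up report still references. It handles only the File::, Folder:: and Registry:: sections visible in this thread; the function names and the AFTER sample are constructed, and the rule for skipping the script echo is inferred from the "FILE ::" block in the report layout shown here.

```python
import re

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""File::
C:\Windows\System32\adssite-remove.exe
C:\Windows\System32\rightonadz-uninst.exe

Folder::
C:\Program Files\BrowsingSoftware

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"postSetupCheck"=-
"""

# Lines taken from the first ComboFix report in the thread (before the script ran).
BEFORE = r"""2008-02-16 21:49 --------- d-----w C:\Program Files\BrowsingSoftware
2008-02-16 02:51 80,090 ----a-w C:\Windows\System32\adssite-remove.exe
2008-02-16 02:51 40,724 ----a-w C:\Windows\System32\rightonadz-uninst.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
C:\Windows\system32\gzmrt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
"postSetupCheck"="C:\Windows\system32\gzmrt.dll" [ ]
"""

# Constructed follow-up report: the script echo is present and one Run value survived.
AFTER = r"""ComboFix report (constructed sample)
FILE ::
C:\Windows\System32\adssite-remove.exe
C:\Windows\System32\rightonadz-uninst.exe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-15 14:58 249896]
"postSetupCheck"="C:\Windows\system32\gzmrt.dll" [ ]
"""


def parse_cfscript(text):
    """Return the removal targets named in the script, grouped by kind."""
    targets = {"file": [], "folder": [], "reg_key": [], "reg_value": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(File|Folder|Registry)::", line, re.I)
        if header:
            section, current_key = header.group(1).lower(), None
        elif section in ("file", "folder"):
            targets[section].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                targets["reg_key"].append(line[2:-1])   # whole key is deleted
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                # context for value lines
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)
                if m and current_key:
                    targets["reg_value"].append((current_key, m.group(1)))
    return targets


def needles(targets):
    """Map each target to the lowercase substrings that reveal it in a report."""
    out = {}
    for path in targets["file"] + targets["folder"]:
        out[path] = (path.lower(),)
    for key in targets["reg_key"]:
        out[key] = (key.rsplit("\\", 1)[-1].lower(),)   # last component, e.g. the BHO CLSID
    for key, name in targets["reg_value"]:
        # ComboFix prints "name"=..., HijackThis prints [name] on its O4 lines.
        out[key + "\\" + name] = ('"%s"=' % name.lower(), "[%s]" % name.lower())
    return out


def report_lines(report):
    """Yield report lines, skipping the block where the script is echoed back
    (a 'FILE ::' style header up to the next lone '.')."""
    in_echo = False
    for line in report.splitlines():
        s = line.strip()
        if re.fullmatch(r"[A-Za-z]+ ::", s):
            in_echo = True
        elif in_echo and s == ".":
            in_echo = False
        elif not in_echo:
            yield s


def residual_targets(script, report):
    """Return the script targets that the report still references, sorted."""
    wanted = needles(parse_cfscript(script))
    lines = [l.lower() for l in report_lines(report)]
    return sorted(t for t, subs in wanted.items()
                  if any(sub in l for l in lines for sub in subs))


if __name__ == "__main__":
    print("before:", len(residual_targets(CFSCRIPT, BEFORE)), "targets present")
    for leftover in residual_targets(CFSCRIPT, AFTER):
        print("still present after cleanup:", leftover)
```

Without the echo-skipping step, the two file paths that the report repeats under "FILE ::" would be reported as still present even though they were removed.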

Here is the ComboFix report:

ComboFix 08-02-18.1 - brigitte 2008-02-17 18:09:29.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1096 [GMT -4:00]
Endroit: C:\Users\brigitte\Desktop\ComboFix.exe
Command switches used :: C:\Users\brigitte\Desktop\CFScript.txt..txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\System32\adssite-remove.exe
C:\Windows\System32\rightonadz-uninst.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 02:39 --------- d-----w C:\Users\brigitte\AppData\Roaming\LimeWire
2008-02-16 02:26 --------- d-----w C:\Users\brigitte\AppData\Roaming\TurboDemo
2008-02-16 02:10 --------- d-----w C:\Program Files\Microsoft Works
2008-02-15 18:47 --------- d-----w C:\ProgramData\Avira
2008-02-15 18:47 --------- d-----w C:\Program Files\Avira
2008-02-13 22:36 --------- d-----w C:\ProgramData\Apple Computer
2008-02-13 13:46 --------- d-----w C:\Program Files\Trend Micro
2008-02-12 23:20 --------- d-----w C:\ProgramData\Symantec
2008-02-12 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-12 22:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-12 22:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-12 22:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-12 22:49 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-12 22:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-12 22:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 22:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 22:49 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-12 22:39 --------- d-----w C:\Program Files\Alwil Software
2008-02-11 18:20 --------- d-----w C:\Users\brigitte\AppData\Roaming\WinBatch
2008-02-10 02:51 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-10 02:49 --------- d-----w C:\Program Files\MSBuild
2008-02-10 02:35 --------- d-----w C:\Program Files\LimeWire
2008-02-09 02:18 102 ----a-w C:\Users\brigitte\AppData\Roaming\wklnhst.dat
2008-02-08 00:47 --------- d-----w C:\Users\brigitte\AppData\Roaming\Template
2008-02-07 21:21 --------- d-----w C:\Program Files\QuickTime
2008-02-07 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 18:27 --------- d-----w C:\Program Files\Java
2008-02-03 18:10 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-02-03 18:03 --------- d-----w C:\ProgramData\LightScribe
2008-02-02 22:41 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-02 20:29 --------- d-----w C:\Users\brigitte\AppData\Roaming\Roxio
2008-02-02 20:16 --------- d-----w C:\ProgramData\Roxio
2008-02-02 05:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-01-31 20:06 --------- d-----w C:\Users\brigitte\AppData\Roaming\Apple Computer
2008-01-31 20:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-24 03:22 --------- d-----w C:\Program Files\OLYMPUS
2008-01-24 03:17 --------- d-----w C:\ProgramData\WinZip
2008-01-23 02:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 19:14 --------- d-----w C:\Program Files\Bonjour
2008-01-22 19:13 --------- d-----w C:\ProgramData\Apple
2008-01-22 19:13 --------- d-----w C:\Program Files\Apple Software Update
2008-01-18 00:11 --------- d-----w C:\Users\brigitte\AppData\Roaming\Hewlett-Packard
2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 04:10 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 03:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 03:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 03:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 01:37 --------- d-----w C:\ProgramData\Xerox
2008-01-10 01:00 --------- d-----w C:\ProgramData\OLYMPUS
2008-01-10 00:57 --------- d-----w C:\ProgramData\QuickTime
2008-01-10 00:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 09:48 --------- d---a-w C:\ProgramData\TEMP
2008-01-02 21:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 21:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 21:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 21:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 21:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 21:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 21:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 21:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 20:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 20:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 20:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
2008-01-02 20:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 20:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 20:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 20:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 20:37 184,320 ----a-w C:\Windows\System32\igfxres.dll
2008-01-02 20:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 20:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 20:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 20:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 20:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 20:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 20:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 20:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 20:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-29 21:06 --------- d-----w C:\Program Files\TRENDnet
2007-12-23 18:33 --------- d-----w C:\Users\brigitte\AppData\Roaming\muvee Technologies
2007-12-21 14:39 10,752 ----a-w C:\Windows\System32\WhoisCL.exe
2007-12-17 22:32 174 --sha-w C:\Program Files\desktop.ini
2007-12-17 22:22 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-17 22:22 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-17 22:22 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-17 22:22 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-17 22:22 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-17 22:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-17 22:22 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-17 22:22 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-17 22:22 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-17 22:22 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-12-17 22:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-17 22:20 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-17 22:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-17 22:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-17 22:20 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-17 22:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-17 22:20 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-17 22:20 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-17 22:20 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:12 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 18:54 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-14 16:59 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 08:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 18:11 49152]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 18:54 54576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-15 14:58 249896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 15:10:02 394856]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-26 01:32:08 421888]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 05:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 08:43]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 04:13]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 00:56:05 C:\Windows\Tasks\HPCeeScheduleForbrigitte.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForbrigitte (null)
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:10:25
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-18 18:10:54
.
2008-02-14 17:56:28 --- E O F ---
o fix


The HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:03, on 2008-02-18
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Users\brigitte\AppData\Local\Temp\wz8066\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7467 bytes

Reply to picotine

Great, I think everything is fine :)

The window for the infamous gzmrt.dll no longer appears.
I am very grateful to you for the help you gave me.
THANK YOU VERY MUCH.

Could you explain to me where I picked this up? I don't want to make this mistake again.


[PROBLEM SOLVED]

Reply to picotine

Everything is explained in the following link ;)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalize.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)


Disable and then re-enable System Restore: see help

Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" (Edit) button http://img.infos-du-net.com/forum/themes_static/images_forum/3/edit.gif
* Add the [Résolu] tag to the title
* Then click "Valider votre message" (Submit your message)

Read the guide on prevention and protection, so that you don't have this kind of problem again, by clicking the image below:

http://www.malekal.com/fichiers/projetantimalwares/reagir_miniban.gif

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Hello, I can't quit ToolsCleaner: unable to create file c:/TCleaner.txt, access denied

What did I do wrong?

thanks alp

Reply to picotine

Launch it by right-clicking and choosing Run as administrator

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark


Here is the report,

-->- Recherche:

C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

As for System Restore, with Vista I don't have the same screens and it isn't worded the same way. I didn't do anything, I'm not sure.

Thank you for your patience [:arslan:1]

Reply to picotine

No worries about the restore ;)

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Can you explain to me why, when I leave the forum, a multitude of windows open? I end up closing them, but it's a bit maddening.

Thanks

Reply to picotine

I mean tabs. The site's tab opens over and over, about 25 times.

Reply to picotine

And when I shut down the computer, I get the following message:
the application failed to initialize 0xc0000142

Thanks

Reply to picotine

Can you take a screen?

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

What's a screen?

Reply to picotine