publicites intempestives

pareto · le 5 février 2008

Bonjour,

Comme beaucoup d'autres, je suis gêné par des publicités intempestives avec ouvertures de pages non demandées. Je navigue sous mozilla firefox.

je souhaiterais une aide pour l'analyse et l'éradication du problème.

Merci par avance de vos conseils et de votre aide.

Voici une copie du rapport HijackYhis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:40:10, on 05/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\UberIcon\UberIcon Manager.exe

C:\Windows\System32\VisualTaskTips.exe

C:\Program Files\styler\Styler.exe

C:\WINDOWS\system32\topdesk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

S:\eMule\emule.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"

O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe

O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s

O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe

O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe

O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--

End of file - 8065 bytes

cauxboy · le 5 février 2008

Salut

les inscriptions a supprimer sont celles ci :

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

Logiquement tu coches les éléments puis tu cliques sur le bouton "fix checked"

Ensuite tu télécharges VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Télécharge combofix.exe

(par sUBs) et sauvegarde le sur ton bureau.

Double-clique combofix.exe afin de l'exécuter et suis les instructions.

Lorsque l'analyse sera complétée, un rapport apparaîtra.

Copie et colle le rapport dans ta prochaine réponse.

Si tu as Spybot Search and destroy. Met le a jour et lance un scan complet mais il n'apparait pas dans le rapport donc tu ne l'as pas. Cet utilitaire est pas mal pour virer les malware, spyware,.... donc tu veux tu peux te l'installer.

Relance un nouveau rapport HijackThis! et poste le a nouveau dans ta prochaine réponse

Tiens moi au courant.

pareto · le 5 février 2008

Merci de très claires instructions

Voici les 2 rapports (je dois m'absenter, donc je lirai sans doute ta réponse plus tard. Encore merci...)

1. COMBOFIX

ComboFix 08-02.05.3 - Administrateur 2008-02-05 13:26:14.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1127 [GMT 1:00]

Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\Documents and Settings\Administrateur\Local Settings\Application Data\oghopxyijr.dat

C:\Documents and Settings\Administrateur\Local Settings\Application Data\oghopxyijr.exe

C:\Documents and Settings\Administrateur\Local Settings\Application Data\oghopxyijr_nav.dat

C:\Documents and Settings\Administrateur\Local Settings\Application Data\oghopxyijr_navps.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible sites infectés -----

hxxp://www.download.windowsupdate.com

.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))

.

2008-02-05 13:14 . 2008-02-05 13:14 <REP> d----c--- C:\VundoFix Backups

2008-02-05 13:08 . 2008-02-05 13:08 759 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-02-05 13:04 . 2007-10-11 00:49 1,159,680 --a------ C:\WINDOWS\system32\SETD4B.tmp

2008-02-05 13:04 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\SETD52.tmp

2008-02-05 13:04 . 2007-10-11 00:49 824,832 --a------ C:\WINDOWS\system32\SETD49.tmp

2008-02-05 13:04 . 2007-10-11 00:49 232,960 --a------ C:\WINDOWS\system32\SETD4A.tmp

2008-02-05 13:04 . 2007-10-11 00:49 105,984 --a------ C:\WINDOWS\system32\SETD4C.tmp

2008-02-05 13:02 . 2006-06-02 20:32 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-02-05 12:42 . 2008-02-05 12:42 <REP> d-------- C:\Program Files\Navilog1

2008-02-05 12:39 . 2008-02-05 12:39 <REP> d-------- C:\Program Files\Trend Micro

2008-02-02 17:47 . 2008-02-05 12:28 <REP> d-------- C:\Program Files\Opera

2008-02-02 17:44 . 2008-02-02 17:46 6,583,976 --a------ C:\Program Files\opera_opera_9.25_francais_18773.exe

2008-02-02 17:40 . 2008-02-02 17:40 6,849 --a------ C:\Program Files\Analog -Simple- White Clock_5003_1.0.zip

2008-02-02 17:38 . 2008-02-02 17:38 <REP> d-------- C:\Program Files\js

2008-02-02 17:38 . 2008-02-02 17:38 <REP> d-------- C:\Program Files\img

2008-02-01 08:10 . 2008-02-05 13:04 <REP> d-------- C:\WINDOWS\LastGood

2008-01-29 21:12 . 2008-01-29 21:12 <REP> d-------- C:\Program Files\MSBuild

2008-01-29 21:12 . 2008-01-29 21:12 <REP> d-------- C:\Program Files\Microsoft Works

2008-01-29 21:10 . 2008-01-29 21:10 <REP> d-------- C:\Program Files\Microsoft.NET

2008-01-29 21:08 . 2008-01-29 21:08 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-01-29 21:07 . 2008-01-29 21:11 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-01-29 21:06 . 2008-01-29 21:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-01-29 21:05 . 2008-01-29 21:05 <REP> dr-h-c--- C:\MSOCache

2008-01-25 10:38 . 2008-01-25 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-01-25 10:38 . 2008-01-25 11:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-25 10:35 . 2008-01-25 10:36 7,467,056 --a------ C:\Program Files\spybot-search-destroy_spybot_-_search_destroy_1.5.1.15_francais_10965.exe

2008-01-24 17:17 . 2008-01-24 17:17 2,733,928 --a------ C:\Program Files\ccsetup204.exe

2008-01-22 19:19 . 2008-01-22 19:20 485,614 --a------ C:\Program Files\SudoPlanet_setup.exe

2008-01-20 15:36 . 2008-01-20 15:42 <REP> d-------- C:\Program Files\CDex_150

2008-01-20 15:36 . 2008-01-20 15:36 2,000,324 --a------ C:\Program Files\CDex_1.51.exe

2008-01-14 20:29 . 2008-02-01 10:05 49 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-14 20:25 . 2008-01-14 20:25 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Ahead

2008-01-14 20:23 . 2004-03-25 08:06 1,802,240 --------- C:\WINDOWS\UNNMP.exe

2008-01-14 20:23 . 2004-04-21 07:10 52,418 --------- C:\WINDOWS\UNNMP.cfg

2008-01-14 20:20 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-01-14 20:18 . 2004-04-19 04:37 1,814,528 --------- C:\WINDOWS\UNNeroVision.exe

2008-01-14 20:18 . 2004-04-21 07:10 96,891 --------- C:\WINDOWS\UNNeroVision.cfg

2008-01-14 20:18 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-01-14 20:17 . 2008-01-14 20:17 <REP> d-------- C:\Program Files\Fichiers communs\Ahead

2008-01-14 20:17 . 2008-01-14 20:23 <REP> d-------- C:\Program Files\Ahead

2008-01-14 20:17 . 2008-01-14 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2008-01-14 20:17 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll

2008-01-14 20:17 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll

2008-01-14 20:17 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll

2008-01-14 20:17 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-01-14 20:17 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll

2008-01-12 11:46 . 2008-01-12 11:46 125 --ahs---- C:\WINDOWS\desktop.ini

2008-01-12 11:18 . 2008-01-12 11:18 <REP> d-------- C:\Program Files\Rainlendar

2008-01-12 11:18 . 2008-01-12 11:21 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Rainlendar

2008-01-12 11:16 . 2006-01-22 20:35 970,835 --a------ C:\Program Files\Rainlendar-0.22.1.exe

2008-01-10 20:46 . 2008-01-10 20:46 38,497 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-01-10 20:44 . 2008-01-10 20:46 4,839 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-01-10 20:42 . 2006-05-20 17:15 17,560,979 --a------ C:\Program Files\Pack Crystal Clear 1.0.exe

2008-01-10 17:47 . 2008-01-10 17:47 725,384 --a------ C:\Program Files\WindowsXP-KB935448-x86-FRA.exe

2008-01-10 14:44 . 2008-01-10 14:44 <REP> d-------- C:\Program Files\mozilla.org

2008-01-10 14:36 . 2008-01-10 14:36 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Avant Profiles

2008-01-10 14:35 . 2008-01-10 14:44 <REP> d-------- C:\Program Files\Avant Browser

2008-01-10 14:28 . 2008-01-10 14:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-01-09 16:47 . 2007-11-07 10:28 728,576 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll

2008-01-09 05:09 . 2007-10-30 18:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-01-08 07:29 . 2008-01-08 07:29 <REP> d-------- C:\WINDOWS\PCHea'th

2008-01-08 07:26 . 2008-01-10 20:43 <REP> d-------- C:\WINDOWS\BricoPacks

2008-01-07 13:33 . 2008-01-07 13:33 <REP> d-------- C:\Program Files\Yahoo!

2008-01-07 13:33 . 2008-01-07 13:34 <REP> d-------- C:\Program Files\CCleaner

2008-01-06 19:42 . 2008-01-20 16:07 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\dvdcss

2008-01-06 17:15 . 2008-01-06 17:15 <REP> d--hs---- C:\WINDOWS\ftpcache

2008-01-06 16:50 . 2008-01-06 16:50 <REP> d-------- C:\Program Files\Foxit Software

2008-01-06 16:32 . 2008-01-06 16:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-01-06 15:36 . 2008-01-10 20:46 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-01-06 15:34 . 2008-01-07 18:30 <REP> d-------- C:\WINDOWS\Packs

2008-01-06 13:12 . 2008-01-30 09:08 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2

2008-01-06 13:09 . 2008-01-06 13:10 <REP> d-------- C:\Program Files\OpenOffice.org 2.3

2008-01-06 13:09 . 2008-01-06 13:09 <REP> d-------- C:\Program Files\Java

2008-01-06 13:09 . 2008-01-06 13:09 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-01-06 13:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-06 12:50 . 2008-01-06 12:50 <REP> d-------- C:\Program Files\VideoLAN

2008-01-06 12:50 . 2008-01-06 12:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc

2008-01-06 11:58 . 2008-01-10 14:44 10,066 --a------ C:\WINDOWS\mozver.dat

2008-01-06 10:16 . 2008-01-09 16:44 <REP> d-------- C:\Program Files\RocketDock

2008-01-06 09:48 . 2008-01-06 09:48 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI

2008-01-05 22:06 . 2008-01-06 16:08 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Canon

2008-01-05 22:01 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-05 22:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-01-05 21:55 . 2008-01-05 21:55 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ

2008-01-05 21:55 . 2007-03-18 21:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8S.DLL

2008-01-05 21:54 . 2008-01-05 21:54 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information

2008-01-05 21:53 . 2008-01-05 21:53 <REP> d--h----- C:\Program Files\CanonBJ

2008-01-05 21:53 . 2007-03-23 08:30 1,400,832 --a------ C:\WINDOWS\system32\CNC210C.DLL

2008-01-05 21:53 . 2007-03-19 02:16 200,704 --a------ C:\WINDOWS\system32\CNC210L.DLL

2008-01-05 21:53 . 2007-03-15 06:12 188,416 --a------ C:\WINDOWS\system32\CNC210O.DLL

2008-01-05 21:53 . 2007-03-23 08:29 98,304 --a------ C:\WINDOWS\system32\CNC210I.DLL

2008-01-05 21:52 . 2008-01-10 15:45 <REP> d-------- C:\Program Files\Canon

2008-01-05 21:46 . 2008-01-05 21:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xentient

2008-01-05 21:43 . 2005-06-17 01:18 31,744 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-05 21:43 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-01-05 21:43 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-01-05 21:43 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-01-05 21:43 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-01-05 21:39 . 2004-09-17 03:17 253,440 -ra------ C:\WINDOWS\system32\drivers\Mrv8000c.sys

2008-01-05 21:09 . 2008-02-05 13:06 <REP> d--h----- C:\WINDOWS\$hf_mig$

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 16:18 263 ----a-w C:\Program Files\KUpTime.ini

2008-01-29 06:06 216,467 ----a-w C:\Program Files\adblock_plus-0.7.2.2-fx+fl+zm+tb.xpi

2008-01-12 10:46 125 --sha-w C:\Program Files\desktop.ini

2008-01-12 10:38 --------- d-----r C:\Program Files\Ad-Aware

2008-01-07 17:28 --------- d-----w C:\Program Files\MSN Messenger

2008-01-07 14:42 408 ----a-w C:\Program Files\style.css

2008-01-07 14:42 29,496 ----a-w C:\Program Files\screenshot.jpg

2008-01-07 14:42 2,148 ----a-w C:\Program Files\skins.css

2008-01-06 14:35 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-01-05 20:45 1,722,880 ----a-w C:\Program Files\zune-desktop-theme_zune_desktop_theme_anglais_27348.msi

2008-01-05 17:45 --------- d-----w C:\Program Files\Fichiers communs\ODBC

2008-01-05 17:12 --------- d-----w C:\Program Files\Styler

2008-01-05 17:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler

2008-01-05 16:51 --------- d-----w C:\Program Files\Fichiers communs\MSSoap

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-04-29 17:27 37,874 ----a-w C:\Program Files\Background.png

2006-10-03 01:43 2,402,550 ----a-w C:\WINDOWS\inf\SETCFA.tmp

2006-09-01 07:47 8,636 ----a-w C:\WINDOWS\Media\SETD05.tmp

2006-09-01 07:47 29,444 ----a-w C:\WINDOWS\Media\SETD08.tmp

2006-09-01 07:47 20,336 ----a-w C:\WINDOWS\Media\SETD06.tmp

2006-08-17 12:58 6,042 ----a-w C:\Program Files\clock_white_simple.swf

2006-08-17 12:57 573 ----a-w C:\Program Files\config.xml

2006-08-17 12:57 116 ----a-w C:\Program Files\index.html

2006-04-04 12:38 2,626 ----a-w C:\Program Files\Help.txt

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-12-06 17:56 25088]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2006-08-16 07:00 364544]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 08:28 16126464 C:\WINDOWS\RTHDCPL.exe]

"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]

"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 15:00 36864]

"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]

"TransBar"="C:\Windows\System32\TransBar.exe" [2001-08-28 13:00 65536]

"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 10:48 307200]

"TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2006-11-06 20:31 195584]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2006-09-08 14:12 678912]

"NoIE4StubProcessing"="C:\WINDOWS\system32\reg.exe" [2004-08-04 01:55 53248]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 13:31:46 118784]

RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 21:47:48 344064]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 13:20:14 180224]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 20:09:06 131072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-04 13:55]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 00:58]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

*Newly Created Service* - APPMGMT

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-02-05 00:41:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 13:27:31

Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\WINDOWS\system32\topdesk.dll

-> C:\Windows\System32\VttHooks.dll

-> C:\Program Files\UberIcon\UberIcon.dll

.

Temps d'accomplissement: 2008-02-05 13:27:53

ComboFix-quarantined-files.txt 2008-02-05 12:27:45

.

2008-02-01 10:44:26 --- E O F ---

ET HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:33, on 05/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\UberIcon\UberIcon Manager.exe

C:\Windows\System32\VisualTaskTips.exe

C:\Program Files\styler\Styler.exe

C:\WINDOWS\system32\topdesk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"

O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe

O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s

O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe

O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe

O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f