Infection richtx.exe et mdefense.exeRésolu/Fermé

Question

Bonjour,

J'ai été infecté il y a deux semaines par les virus richtx.exe et mdefense.exe, et j'ai depuis pas mal de problèmes avec mon PC. Tout d'abord un processus IEXPLORE.exe suspect se lance au démarrage, et il m'est impossible de lancer un antivirus résident (avg, antivir, avast) ou un firewall, ce qui rend mon ordinateur particulièrement vulnérable. Certaines applications de désinfection tels que spybot ou ComboFix ne se lancent pas non plus. Je poste ci-dessous un log hidjackthis, merci d'avance pour votre aide!

Logfile of HijackThis v1.99.1
Scan saved at 11:30:29, on 06/01/2010
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\Hijack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostMonitor] "C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28292782de5fac076023/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1448.g.akamai.net/7/1448/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer = 192.168.1.1,192.168.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe

moment de grace · Answer

bonjour

hijackthis pas à jour

desinstalles le et supprimes 

puis



• Télécharge Random's System Information Tool (RSIT) de Random/Random. 

http://images.malwareremoval.com/random/RSIT.exe 

• Enregistre le sur ton Bureau. 

• Double clique sur RSIT.exe pour lancer l'outil. 

• Clique sur "Continue" à l'écran Disclaimer. 

• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) 

et tu devras accepter la licence. 

• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Les rapports se trouvent à cet endroit: 
C:\rsit\info.txt 
C:\rsit\log.txt

Elpicador · Answer

Voici le rapport log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by El picador at 2010-01-06 12:15:18
Microsoft Windows XP Professionnel 
System drive C: has 36 GB (35%) free of 103 GB
Total RAM: 511 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:45, on 06/01/2010
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\El picador\Bureau\stinger1001688.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Thunderbird	hunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\El picador\Bureau\RSIT.exe
C:\Program Files	rend micro\El picador.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostMonitor] "C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28292782de5fac076023/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1448.g.akamai.net/7/1448/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer = 192.168.1.1,192.168.1.5
O18 - Protocol: offline-8876480 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe

Elpicador · Answer

Et le fichier info.txt:

info.txt logfile of random's system information tool 1.06 2010-01-06 12:11:26

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OBnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7
ero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BB1D52-679A-4CBA-8C8D-53244F10CF71}\SETUP.EXE" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AFPL Ghostscript 7.04-->C:\gs\uninstgs.exe "C:\gs\gs7.04\uninstal.txt"
AFPL Ghostscript Fonts-->C:\gs\uninstgs.exe "C:\gs\fonts\uninstal.txt"
Analyseur et SDK XML Microsoft-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
ASUS Probe V2.20.03-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Audacity 1.3.3 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus-->C:\Program Files\Azureus\Uninstall.exe
BeatJam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB249D2C-2B03-412F-B7FE-C8B1F5CD5A95}\Setup.exe" -l0x9 UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Complément MSN pour Windows Messenger-->rundll32.exe "C:\Program Files\Messenger\MSGSC.dll",UnregisterMSNExt
ConvertXtoDVD 3.3.0.96-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Correctif Windows XP - Article Base de Connaissances 834707-->C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
Correctif Windows XP - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Correctif Windows XP - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
Correctif Windows XP - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
Correctif Windows XP - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
Correctif Windows XP - KB828028-->C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
Correctif Windows XP - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
Correctif Windows XP - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Correctif Windows XP - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
Correctif Windows XP - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Correctif Windows XP - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
Correctif Windows XP - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
Correctif Windows XP - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
Correctif Windows XP - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
Correctif Windows XP - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
Correctif Windows XP - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
Correctif Windows XP - KB841533-->C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
Correctif Windows XP - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Correctif Windows XP - KB873376-->C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
Correctif Windows XP - KB887811-->C:\WINDOWS\$NtUninstallKB887811$\spuninst\spuninst.exe
Correctif Windows XP - KB887822-->C:\WINDOWS\$NtUninstallKB887822$\spuninst\spuninst.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Subtitle Displayer 4.54-->"C:\Program Files\DivX Subtitle Displayer\unins000.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Divxpack (remove only)-->"C:\Program Files\Divxpack\uninstall.exe"
EAGLE 5.6.0-->cmd.exe /c start "EAGLE Uninstaller" /min "C:\Program Files\EAGLE-5.6.0\bin\uninstall.bat" C:\Program Files\EAGLE-5.6.0\bin
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Easy Video Splitter 1.28-->"C:\Program Files\Easy Video Splitter\unins000.exe"
eMule-->"C:\Program Files\laMule\Uninstall.exe"
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
GSview 4.8-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ 2.8.9 runtime environment-->"C:\Program Files\Fichiers communs\GTK\2.0\unins000.exe"
Hackman Hex Editor-->"C:\Program Files\Hackman\Uninstall.exe" "C:\Program Files\Hackman\install.log"
HijackThis 1.99.1-->C:\Mes téléchargements\mozilla\HijackThis.exe /uninstall
HouseCall 6.6-->"C:\Documents and Settings\El picador\Application Data\HouseCall 6.6\uninstaller.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x40c  UNINSTALL
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech MouseWare 9.61 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x40c -l040c UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{A488D63E-B3DD-4423-892F-2F2EC8909518}
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1em\UNWISE.EXE /s C:\PROGRA~1\Logitech\RESOUR~1em\INSTALL.LOG
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x40c mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall
Madrics Superbox Pro and Superbox3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6CF6037-E6E8-4D84-8427-216306B32DB2}\setup.exe" -l0x9  -removeonly
Magic DVD Ripper V5.2.1 build 8-->"C:\Program Files\MagicDVDRipper\unins000.exe"
MaxTV Online-->"C:\WINDOWS\MaxTV Online\uninstall.exe" "/U:C:\Program Files\MaxTV Online\Uninstall\uninstall.xml"
MeuhMeuhTV 3.0.0.5-->"C:\Program Files\MeuhMeuhTV\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! pour Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 6.0 Édition Entreprise (Français)-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1036\Setup.exe"
MiKTeX-->"C:\Program Files\MiKTeX\miktex\bin\copystart.exe" "C:\Program Files\MiKTeX\miktex\config\uninstall.dat"
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla (1.7.8) (fr)-->C:\WINDOWS\MozillaUninstall.exe /ua "1.7.8 (fr)"
Mozilla Firefox (3.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSIDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x40c 
Nero 7 Demo-->MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941036}
NoAdware v3.0-->"C:\Program Files\NoAdware3\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Display Driver-->C:\WINDOWS\System32
vudisp.exe Uninstall C:\WINDOWS\System32
vdisp.nvu,NVIDIA Display Driver
OpenMG Limited Patch 3.3-03-04-28-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.3-03-04-28-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3AD83857-257F-4DCB-8451-55012C9E0F55}\SETUP.EXE" -l0x40c UNINSTALL
OpenOffice.org 2.3-->MsiExec.exe /I{417E90DF-A9C4-43C4-90D9-FD7F107B68DB}
Outlook Express Q823353-->C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Package du correctif Windows XP [voir Q329115 pour plus de détails]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
Pinnacle PCTV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x40c -L0x40c UNINSTALL
Plug-in ma messagerie vocale Orange-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACBD0110-F243-11D4-BCEE-00104B1CB360}\Setup.exe" -l0x40c --AddRemove
Pro Evolution Soccer 6-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1036 
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player-->C:\Program Files\Fichiers communs\Real\Update_OBnuninst.exe RealNetworks|RealPlayer|6.0
Scilab 2.7.2-->"C:\Program Files\Scilab-2.7.2\unins000.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 1.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Songbird 1.0.0 (20081124)-->"C:\Program Files\Songbird\Songbird-Uninstall.exe"
SopCast 1.1.1-->C:\Program Files\SopCast\uninst.exe
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StationRipper 2.50-->C:\Program Files\Ratajik Software\StationRipper\uninstall-StationRipper.exe
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Super DVD Ripper (remove only)-->"C:\Program Files\Super DVD Ripper\sdvd-uninst.exe"
TeXnicCenter Version 1 Beta 6.31 (Firenze)-->"C:\Program Files\TeXnicCenter\unins000.exe"
TexPoint 2.0.3-->MsiExec.exe /I{CAF79E64-F62A-499E-A282-E427CC5497A2}
The GIMP 2.2.10-->"C:\Program Files\GIMP-2.0\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1	vants\UNWISE.EXE C:\PROGRA~1	vants\INSTALL.LOG
TVUPlayer 2.4.7.2-->C:\Program Files\TVUPlayer\uninst.exe
Veetle TV 0.9.15-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VirtualDub 1.6.9 Fr-->C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe
VisSim v7.0-->C:\VisSim70\unwise.exe C:\VisSim70\vissim70.log
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Application Compatibility Update[Q319580]-->C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
Windows XP Hotfix - KB821557-->C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
Windows XP Hotfix - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
Windows XP Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q309521 for more information]-->C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q311889 for more information]-->C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q311967 for more information]-->C:\WINDOWS\$NtUninstallQ311967$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q312370 for more information]-->C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q313450 for more information]-->C:\WINDOWS\$NtUninstallQ313450$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q314862 for more information]-->C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q315000 for more information]-->C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q315403 for more information]-->C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q317277 for more information]-->C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q318138 for more information]-->C:\WINDOWS\$NtUninstallQ318138$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q323172 for more information]-->C:\WINDOWS\$NtUninstallQ323172$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q324096 for more information]-->C:\WINDOWS\$NtUninstallQ324096$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q324380 for more information]-->C:\WINDOWS\$NtUninstallQ324380$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q326830 for more information]-->C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q328940 for more information]-->C:\WINDOWS\$NtUninstallQ328940$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
WinSCP 4.1.7-->"C:\Program Files\WinSCP\unins000.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

=====HijackThis Backups=====

O18 - Protocol: bwf0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw20 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw-0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwt0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw00s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwr0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bws0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwh0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwm0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwb0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2007-05-28]
O18 - Protocol: bw80 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwk0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw90 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwn0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwf0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwy0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwc0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw90s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwx0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw30s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw70 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwk0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwc0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwb0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwi0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwp0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw40 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwi0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwq0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwd0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwg0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwo0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O2 - BHO: (no name) - {4D849D71-BABD-9320-AC43-67A172FD6EC4} - (no file) [2007-05-28]
O18 - Protocol: bwe0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwz0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw60 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwm0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwo0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwa0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw10 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bww0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwh0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwz0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw30 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw+0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bws0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwn0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw00 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank [2007-05-28]
O18 - Protocol: bw50s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwr0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwq0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwd0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw50 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwl0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwv0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwj0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O23 - Service: Norton AntiVirus Auto Protection (autopro) - Unknown owner - C:\WINDOWS\System32
avap32.exe" -service (file missing) [2007-05-28]
O18 - Protocol: bwy0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw20s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwg0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw70s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwj0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwe0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwt0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwp0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw10s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwl0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank [2007-05-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank [2007-05-28]
O18 - Protocol: bwu0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw60s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank [2007-05-28]
O18 - Protocol: bwx0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw-0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw40s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bww0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw+0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwu0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwv0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bw80s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O18 - Protocol: bwa0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2007-05-28]
O23 - Service: System Loader (Sysload) - Unknown owner - C:\WINDOWS\System32\systems.exe" -service (file missing) [2007-05-28]
O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing) [2007-05-28]
O23 - Service: Windos Video Link (WVL) - Unknown owner - C:\WINDOWS\System32\video_lnk32.exe" -service (file missing) [2007-05-28]
O23 - Service: Monitor (Monitor service) - Unknown owner - C:\WINDOWS\System32\explore.exe" -service (file missing) [2007-05-29]
O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing) [2007-05-29]
O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing) [2007-05-29]
O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing) [2007-05-29]
O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing) [2007-05-29]
O23 - Service: Monitor (Monitor service) - Unknown owner - C:\WINDOWS\System32\explore.exe" -service (file missing) [2007-05-29]
O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing) [2007-05-29]
O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing) [2007-05-29]

======Hosts File======

127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com

======System event log======

Computer Name: STEVEN
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 145125
Source Name: Service Control Manager
Time Written: 20091107151606.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 145124
Source Name: Service Control Manager
Time Written: 20091107151606.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 145123
Source Name: Service Control Manager
Time Written: 20091107151606.000000+060
Event Type: Informations
User: STEVEN\El picador

Computer Name: STEVEN
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 145122
Source Name: Service Control Manager
Time Written: 20091107151606.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 145121
Source Name: Service Control Manager
Time Written: 20091107151606.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: STEVEN
Event Code: 2001
Message: Le service EAPOL a été démarré correctement

Record Number: 9742
Source Name: EAPOL
Time Written: 20071129094805.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 101
Message: msnmsgr (2264) Le moteur de base de données est arrêté.


Record Number: 9741
Source Name: ESENT
Time Written: 20071129015629.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 103
Message: msnmsgr (2264) \.\C:\Documents and Settings\El picador\Local Settings\Application Data\Microsoft\Messenger\elpicador@voila.fr\SharingMetadata\Working\database_E8E0_FA51_E0FA_258A\dfsr.db: Le moteur de base de données a arrêté une instance (0).


Record Number: 9740
Source Name: ESENT
Time Written: 20071129015629.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 102
Message: msnmsgr (2264) \.\C:\Documents and Settings\El picador\Local Settings\Application Data\Microsoft\Messenger\elpicador@voila.fr\SharingMetadata\Working\database_E8E0_FA51_E0FA_258A\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).


Record Number: 9739
Source Name: ESENT
Time Written: 20071129011536.000000+060
Event Type: Informations
User: 

Computer Name: STEVEN
Event Code: 100
Message: msnmsgr (2264) Le moteur de base de données 5.01.2600.0000 est démarré.


Record Number: 9738
Source Name: ESENT
Time Written: 20071129011536.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adaptec Shared\System;C:\Program Files\Fichiers communs\GTK\2.0\bin
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Merci!!

moment de grace · Answer

ok


Attention, avant de commencer, lit attentivement la procédure, et imprime la 

Télécharge ComboFix de sUBs en le renommant PICA.exe avant de l’enregistrer sur ton Bureau : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ 
(si tu ne pouvais pas, continues)

---> Double-clique sur ComboFix.exe 
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter 

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION 
(si il te le propose remets provisoirement internet)

---> Mets-le en langue française F 
Tape sur la touche 1 (Yes) pour démarrer le scan. 

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC 

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

Elpicador · Answer

Ok, voilà c'est fait, il m'a supprimé un certain nombres de fichiers et avast s'est enfin lancé au démarrage:

ComboFix 10-01-04.01 - El picador 06/01/2010  13:11:27.1.1 - x86
Microsoft Windows XP Professionnel  5.1.2600.0.1252.33.1036.18.511.289 [GMT 1:00]
Lancé depuis: c:\documents and settings\El picador\Bureau\PICA.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\El picador\Application Data\inst.exe
C:\LOG.TXT
C:\Thumbs.db
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\patch.exe
c:\windows\system32\drivers\H8SRTuypbxrqmny.sys
c:\windows\system32\drivers\kungsfvsoyqbfd.sys
c:\windows\system32\drivers\SKYNETextpdmlf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\H8SRTbctoswvihw.dat
c:\windows\system32\H8SRTbrerfvpefw.dll
c:\windows\system32\H8SRTielewqoerm.dll
c:\windows\system32\H8SRTnxnmfdjivc.dll
c:\windows\system32\kungsfablwhwax.dat
c:\windows\system32\kungsfbkieewbl.dll
c:\windows\system32\kungsfdcpiesru.dat
c:\windows\system32\kungsftklplmyr.dll
c:\windows\system32\musln.dll
c:\windows\System32
tSVc.ocx
c:\windows\system32\Process.exe
c:\windows\system32naph.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\srcr.dat
c:\windows\system32	mp.reg
c:\windows\system32	zhqs.dat

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_kungsfwkeqalqe
-------\Legacy_kungsfwkeqalqe
-------\Service_SKYNETpqjxvkse
-------\Legacy_SKYNETpqjxvkse
-------\Legacy_SYSLOAD
-------\Service_Sysload


(((((((((((((((((((((((((((((   Fichiers créés du 2009-12-06 au 2010-01-06  ))))))))))))))))))))))))))))))))))))
.

2010-01-06 11:10 . 2010-01-06 11:15	--------	d-----w-	c:\program files	rend micro
2010-01-06 11:10 . 2010-01-06 11:11	--------	d-----w-	C:sit
2010-01-06 09:52 . 2009-03-30 09:32	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-01-06 09:52 . 2009-02-13 11:28	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-01-06 09:52 . 2009-02-13 11:17	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-01-06 09:52 . 2010-01-06 09:52	--------	d-----w-	c:\program files\Avira
2010-01-06 09:52 . 2010-01-06 09:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2010-01-06 09:15 . 2010-01-06 09:15	--------	d-----w-	c:\documents and settings\El picador\Application Data\Uniblue
2010-01-03 17:25 . 2009-04-06 10:37	704384	----a-w-	c:\windows\system32\drivers\SandBox.sys
2010-01-03 17:25 . 2009-02-10 15:15	257432	----a-w-	c:\windows\system32\drivers\afwcore.sys
2010-01-03 17:23 . 2009-02-18 16:30	31128	----a-w-	c:\windows\system32\drivers\afw.sys
2010-01-03 17:23 . 2010-01-03 17:23	--------	d-----w-	c:\program files\Agnitum
2010-01-03 17:22 . 2010-01-03 17:22	--------	d-----w-	c:\documents and settings\All Users\Application Data\Agnitum
2010-01-03 17:06 . 2010-01-03 17:06	--------	d-----w-	c:\documents and settings\El picador\Application Data\AVG8
2009-12-23 12:51 . 2009-11-24 23:49	48560	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-12-23 12:51 . 2009-11-24 23:48	23120	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-12-23 12:51 . 2009-11-24 23:47	27408	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-12-23 12:51 . 2009-11-24 23:51	93424	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-12-23 12:51 . 2009-11-24 23:50	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-12-23 12:51 . 2009-11-24 23:50	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-12-23 12:51 . 2009-11-24 23:47	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-12-23 12:51 . 2009-11-24 23:54	1280480	----a-w-	c:\windows\system32\aswBoot.exe
2009-12-23 11:57 . 2009-12-23 11:57	--------	d-----w-	c:\program files\Sunbelt Software
2009-12-23 01:35 . 2010-01-06 09:10	880	----a-w-	c:\windows\system32\krl32mainweq.dll
2009-12-13 17:47 . 2009-12-13 17:47	--------	d-----w-	c:\program files\VID_0E8F&PID_3013
2009-12-13 16:04 . 2009-12-13 16:04	--------	d-----w-	c:\program files\KONAMI
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankProtocol
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankPacManager
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankMedium
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankHandler
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankFormat
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankDevice
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\FrankContents
2009-12-12 18:48 . 2009-12-12 18:48	--------	d-----w-	c:	emp\Frank

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 12:26 . 2001-09-28 12:00	445016	----a-w-	c:\windows\system32\perfh00C.dat
2010-01-06 12:26 . 2001-09-28 12:00	63614	----a-w-	c:\windows\system32\perfc00C.dat
2010-01-06 11:37 . 2006-10-05 16:59	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-01-06 09:45 . 2004-02-11 14:38	--------	d-----w-	c:\program files\Fichiers communs\Symantec Shared
2010-01-06 09:45 . 2004-02-11 14:38	--------	d-----w-	c:\program files\Symantec
2010-01-06 09:43 . 2004-10-17 18:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2010-01-06 09:28 . 2007-05-20 13:30	--------	d-----w-	c:\program files\CCleaner
2010-01-05 18:05 . 2007-12-06 20:57	--------	d-----w-	c:\documents and settings\El picador\Application Data\uTorrent
2009-12-22 18:33 . 2008-09-20 23:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Soulseek
2009-12-20 13:09 . 2006-03-17 07:43	--------	d-----w-	c:\program files\laMule
2009-12-13 17:47 . 2004-01-08 07:18	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-12 17:16 . 2007-10-04 19:45	--------	d-----w-	c:\documents and settings\El picador\Application Data\OpenOffice.org2
2009-11-30 13:37 . 2007-09-05 20:22	--------	d-----w-	c:\documents and settings\El picador\Application Data\Audacity
2008-04-15 22:20 . 2008-04-15 17:17	81920	--sha-w-	c:\program files\Thumbs.db
2006-02-23 11:39 . 2005-10-21 17:18	278528	----a-w-	c:\program files\Fichiers communs\FDEUnInstaller.exe
.

------- Sigcheck -------

[-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\wscntfy.exe

[-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\xmlprov.dll

c:\windows\System32\wscntfy.exe ... manque !!
c:\windows\System32\xmlprov.dll ... manque !!
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-20 148888]
"OutpostMonitor"="c:\program files\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-09-28 13312]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???????? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iexplore.exe]
2001-09-28 12:00	91136	----a-w-	c:\program files\Internet Explorer\IEXPLORE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-07-09 15:34	36864	----a-w-	c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-12-16 21:37	188416	----a-w-	c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-12-16 21:39	77824	----a-w-	c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-04-26 09:06	98304	----a-w-	c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2004-08-17 15:44	10039488	----a-w-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2007-02-05 08:11	476728	----a-w-	c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45	313472	----a-r-	c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2002-05-29 00:59	520192	----a-w-	c:\program files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [06/01/2010 10:52 22360]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23/12/2009 13:51 114768]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [06/01/2010 10:52 45416]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/01/2010 18:25 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/01/2010 18:23 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/01/2010 18:25 257432]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [08/01/2004 08:19 6400]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [06/01/2010 10:52 108289]
S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [08/06/2005 19:27 35331]
S3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys --> c:\windows\System32\Drivers\vaxscsi.sys [?]
S4 autopro;Norton AntiVirus Auto Protection;"c:\windows\System32
avap32.exe" -service --> c:\windows\System32
avap32.exe [?]
S4 minpad;Windows Mini-Notepad;"c:\windows\System32\windows-pad.exe" -service --> c:\windows\System32\windows-pad.exe [?]
S4 Monitor service;Monitor;"c:\windows\System32\explore.exe" -service --> c:\windows\System32\explore.exe [?]
S4 NSM;Network Service Manager;"c:\windows\System32
etsvc.exe" -service --> c:\windows\System32
etsvc.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/03/2006 22:27 639224]
S4 WVL;Windos Video Link;"c:\windows\System32\video_lnk32.exe" -service --> c:\windows\System32\video_lnk32.exe [?]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.fr
uInternet Settings,ProxyOverride = localhost
TCP: {75E127F9-6102-4315-97B7-07B4EE6485CA} = 192.168.1.1
TCP: {E5240FB0-BC5C-4FF7-938A-E8113870BD8D} = 192.168.1.1,192.168.1.5
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\El picador\Application Data\Mozilla\Firefox\Profiles\kueb3mkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\El picador\Application Data\Mozilla\Firefox\Profiles\kueb3mkv.default\extensions\firefox@tvunetworks.com\plugins
pTVUAx.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6
ppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6
prjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6
prpjplug.dll
FF - plugin: c:\program files\Veetle\Player
pvlc.dll
FF - plugin: c:\program files\Veetle\plugins
pVeetle.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-TkBellExe - c:\program files\Fichiers communs\Real\Update_OBealsched.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-ccApp - c:\program files\Fichiers communs\Symantec Shared\ccApp.exe
MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
MSConfigStartUp-Malware Defense - c:\program files\Malware Defense\mdefense.exe
MSConfigStartUp-ppmate - c:\program files\PPMate\PPMate\ppmate.exe
MSConfigStartUp-richtx64 - c:\docume~1\ELPICA~1\LOCALS~1\Tempichtx64.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 13:26
Windows 5.1.2600  NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\RASAPI32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3400)
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\RASAPI32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32
vsvc32.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2010-01-06  13:35:48 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-01-06 12:35

Avant-CF: 37 289 443 328 octets libres
Après-CF: 37 309 857 792 octets libres

WinXP_FR_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

- - End Of File - - E223A10275E3102D5605167FE90D7189

moment de grace · Answer

ok

Téléchargez MalwareByte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

Elpicador · Answer

Voilà le rapport de Malwarebytes, trois fichiers infectés ont été trouvés:

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3507
Windows 5.1.2600
Internet Explorer 6.0.2600.0000

07/01/2010 11:56:41
mbam-log-2010-01-07 (11-56-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 253734
Temps écoulé: 2 hour(s), 2 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{14EA523C-74F7-468C-8574-1F415A2AF27C}\RP0\A0000096.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Mes téléchargements\MagicDVDRipper.exe (Adware.UCMore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

moment de grace · Answer

ok

comment va le pc ?

tu peux vider la quarantaine

relancer RSIT et poster juste le rapport log

Elpicador · Answer

Le PC se porte bien, plus de IEXPLORE.exe, l'antivirus et le firewall de lancent sans problème au démarrage, tout semble rentrer dans l'ordre.

Voici le log rsit:


Logfile of random's system information tool 1.06 (written by random/random)
Run by El picador at 2010-01-07 12:28:27
Microsoft Windows XP Professionnel 
System drive C: has 34 GB (33%) free of 103 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:39, on 07/01/2010
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\El picador\Bureau\RSIT.exe
C:\Program Files	rend micro\El picador.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1448.g.akamai.net/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer = 192.168.1.1,192.168.1.5
O18 - Protocol: offline-8876480 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe

moment de grace · Answer

ok

o, nettoie

1)
deux d'antivirus (ou restes)

desinstaller avast

https://www.commentcamarche.net/telecharger/securite/22859-utilitaire-de-desinstallation-de-avast/

......................

2)

Cherches et cliques sur C:\Program Files	rend micro\El picador.exe
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install     
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')     
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')     
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1448.g.akamai.net/..
O18 - Protocol: offline-8876480 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 

........................

3)

metrre à jour windows et intenet explorer !!!!!!!!!!!!!!!

http://www.windowsupdate.com/windowsupdate/v6/default.aspx

...........................
4)

Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure) 
https://get2.adobe.com/reader/otherversions/

...............


5)
IMPORTANT

Purger la restauration systeme XP

http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm

............................

6)
Télécharge ToolsCleaner2sur ton Bureau. 
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer. 
* Clique sur Recherche et laisse le scan agir. 
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives. 
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Elpicador · Answer

Voilà le rapport:


[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Combofix.txt: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\El picador\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\El picador\Bureau\Rsit.exe: trouvé !
C:\Hijackthis\hijackthis.log: trouvé !
C:\Mes téléchargements\hijackthis.log: trouvé !
C:\Mes téléchargements\mozilla\HijackThis.exe: trouvé !
C:\Mes téléchargements\mozilla\hijackthis.log: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\El picador\Bureau\ComboFix.exe: supprimé !
C:\Mes téléchargements\mozilla\HijackThis.exe: supprimé !
C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\El picador\Bureau\Rsit.exe: supprimé !
C:\Hijackthis\hijackthis.log: supprimé !
C:\Mes téléchargements\hijackthis.log: supprimé !
C:\Mes téléchargements\mozilla\hijackthis.log: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !

Fichiers temporaires nettoyés !

moment de grace · Answer

si tout est ok


tu peux mettre le topic en resolu 
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/


Bonne continuation et surtout , prudence et bon surf :)

Elpicador · Answer

Ok, un très grand merci pour ton aide précieuse.

Infection richtx.exe et mdefense.exe

13 réponses

Discussions similaires

Newsletters