Slt
tu as evidence eliminator qui est un espion: vire le!

http://www.informatiquepourtous.com/...
_____________


Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

______________

telecharge smitfraudfix, lance l'option 1 et colle le rapport: http://siri.urz.free.fr/Fix/

Bonsoir jlpjlp et déjà merci...

J'ai désinstallé Evidence Eliminator (logiciel espion ??...)

J'ai installé Combofix dont voici le rapport. Je t'envoie celui de smitfraudix dès que je l'ai.

ComboFix 08-04-29.3 - Gwenaël 2008-04-30 18:33:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1944 [GMT 2:00]
Endroit: C:\Users\Gwenaël\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
.

2008-04-30 00:41 . 2008-04-30 00:41 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:26 . 2008-04-21 16:26 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-21 05:58 . 2008-04-21 16:25 <REP> d-------- C:\Program Files\MSECACHE
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\Users\All Users\Apple
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\ProgramData\Apple
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-18 17:35 . 2008-04-18 17:35 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\NeroDCTemplates
2008-04-17 05:46 . 2008-04-17 05:46 <REP> d-------- C:\PerfLogs
2008-04-17 05:12 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-17 05:11 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-17 05:10 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-17 05:10 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-17 05:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-17 05:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-17 05:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-17 05:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-17 05:10 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-17 05:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-17 05:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-17 05:10 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-15 14:45 . 2008-04-15 14:45 <REP> d-------- C:\Program Files\Shareaza
2008-04-14 20:38 . 2001-06-12 01:20 28,944 --a------ C:\Windows\System32\temp.04C
2008-04-14 20:38 . 2001-08-17 00:00 22,528 --a------ C:\Windows\System32\temp.04B
2008-04-14 20:37 . 2006-11-27 15:54 433,152 --a------ C:\Windows\System32\temp.049
2008-04-14 20:37 . 2004-08-04 13:00 276,992 --a------ C:\Windows\System32\temp.04A
2008-04-14 20:37 . 2004-08-04 13:00 3,584 --a------ C:\Windows\System32\temp.048
2008-04-14 20:34 . 2001-03-13 15:53 326,656 --a------ C:\Windows\System32\temp.047
2008-04-14 20:33 . 2000-08-20 22:00 1,388,544 --a------ C:\Windows\System32\temp.046
2008-04-14 20:33 . 2001-03-13 15:47 598,288 --a------ C:\Windows\System32\temp.042
2008-04-14 20:33 . 2001-03-13 15:47 164,112 --a------ C:\Windows\System32\temp.043
2008-04-14 20:33 . 2001-03-13 15:45 147,728 --a------ C:\Windows\System32\temp.044
2008-04-14 20:33 . 2001-03-13 15:47 17,920 --a------ C:\Windows\System32\temp.045
2008-04-11 22:28 . 2008-04-20 18:59 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\Roxio
2008-04-09 02:29 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 02:29 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 02:29 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 02:29 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 02:29 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 02:29 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 02:29 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 02:29 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 02:29 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 02:29 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 02:26 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-09 02:25 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 02:25 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 02:25 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-04 21:37 . 2008-04-04 21:37 <REP> d-------- C:\Users\All Users\Apple Computer
2008-04-04 21:37 . 2008-04-04 21:37 <REP> d-------- C:\ProgramData\Apple Computer
2008-04-04 21:37 . 2008-04-04 21:38 <REP> d-------- C:\Program Files\QuickTime
2008-03-30 04:16 . 2005-07-05 04:09 77,472 --a------ C:\Windows\System32\drivers\U81xmgmt.sys
2008-03-30 04:15 . 2005-07-05 04:09 75,456 --a------ C:\Windows\System32\drivers\U81xobex.sys
2008-03-30 04:13 . 2005-07-05 04:09 84,480 --a------ C:\Windows\System32\drivers\U81xmdm.sys
2008-03-30 04:13 . 2005-07-05 04:09 6,144 --a------ C:\Windows\System32\drivers\U81xcmnt.sys
2008-03-30 04:13 . 2005-07-05 04:09 6,144 --a------ C:\Windows\System32\drivers\U81xcm.sys
2008-03-30 04:13 . 2005-07-05 04:09 6,064 --a------ C:\Windows\System32\drivers\U81xmdfl.sys
2008-03-30 04:12 . 2005-07-05 04:09 52,352 --a------ C:\Windows\System32\drivers\U81xbus.sys
2008-03-30 04:12 . 2005-07-05 04:09 5,744 --a------ C:\Windows\System32\drivers\U81xwhnt.sys
2008-03-30 04:12 . 2005-07-05 04:09 5,744 --a------ C:\Windows\System32\drivers\U81xwh.sys
2008-03-30 03:29 . 2008-03-30 03:29 <REP> d-------- C:\Program Files\Audacity
2008-03-29 02:24 . 2008-03-29 19:02 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-29 02:24 . 2008-03-29 19:02 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-29 02:24 . 2008-03-29 19:04 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-27 22:09 . 2008-01-08 14:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-03-27 22:09 . 2007-11-14 16:18 553 --a------ C:\Windows\USetup.iss
2008-03-27 22:08 . 2008-01-15 12:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
2008-03-27 22:08 . 2008-01-15 20:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-03-27 22:08 . 2007-11-07 18:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-03-27 22:08 . 2008-01-09 19:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
2008-03-27 22:08 . 2007-11-13 13:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-03-27 22:08 . 2007-07-25 10:33 135,168 --a------ C:\Windows\System32\SRSWOW.dll
2008-03-27 22:08 . 2008-01-14 17:18 29,696 --a------ C:\Windows\System32\RtkCoInst.dll
2008-03-24 17:56 . 2008-03-24 17:56 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-24 06:44 . 2008-03-24 06:44 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-03-24 02:55 . 2000-08-20 22:00 1,388,544 --a------ C:\Windows\System32\temp.030
2008-03-24 02:55 . 2001-03-13 15:47 598,288 --a------ C:\Windows\System32\temp.02C
2008-03-24 02:55 . 2006-11-27 16:54 433,152 --a------ C:\Windows\System32\temp.033
2008-03-24 02:55 . 2001-03-13 15:53 326,656 --a------ C:\Windows\System32\temp.031
2008-03-24 02:55 . 2004-08-04 14:00 276,992 --a------ C:\Windows\System32\temp.034
2008-03-24 02:55 . 2001-03-13 15:47 164,112 --a------ C:\Windows\System32\temp.02D
2008-03-24 02:55 . 2001-03-13 15:45 147,728 --a------ C:\Windows\System32\temp.02E
2008-03-24 02:55 . 2001-06-12 02:20 28,944 --a------ C:\Windows\System32\temp.036
2008-03-24 02:55 . 2001-08-17 01:00 22,528 --a------ C:\Windows\System32\temp.035
2008-03-24 02:55 . 2001-03-13 15:47 17,920 --a------ C:\Windows\System32\temp.02F
2008-03-24 02:55 . 2004-08-04 14:00 3,584 --a------ C:\Windows\System32\temp.032
2008-03-24 02:49 . 2008-04-30 18:15 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-03-22 02:38 . 2000-08-20 22:00 1,388,544 --a------ C:\Windows\System32\temp.01A
2008-03-22 02:38 . 2001-03-13 15:47 598,288 --a------ C:\Windows\System32\temp.016
2008-03-22 02:38 . 2006-11-27 16:54 433,152 --a------ C:\Windows\System32\temp.01D
2008-03-22 02:38 . 2001-03-13 15:53 326,656 --a------ C:\Windows\System32\temp.01B
2008-03-22 02:38 . 2004-08-04 14:00 276,992 --a------ C:\Windows\System32\temp.01E
2008-03-22 02:38 . 2001-03-13 15:47 164,112 --a------ C:\Windows\System32\temp.017
2008-03-22 02:38 . 2001-03-13 15:45 147,728 --a------ C:\Windows\System32\temp.018
2008-03-22 02:38 . 2001-06-12 02:20 28,944 --a------ C:\Windows\System32\temp.020
2008-03-22 02:38 . 2001-08-17 01:00 22,528 --a------ C:\Windows\System32\temp.01F
2008-03-22 02:38 . 2001-03-13 15:47 17,920 --a------ C:\Windows\System32\temp.019
2008-03-22 02:38 . 2004-08-04 14:00 3,584 --a------ C:\Windows\System32\temp.01C
2008-03-18 19:04 . 2008-03-18 19:04 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\Canon
2008-03-18 19:01 . 2008-03-18 19:01 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\ArcSoft
2008-03-18 18:41 . 1997-10-14 06:19 11,776 --a------ C:\Windows\System32\pmsbfn32.dll
2008-03-18 18:41 . 2005-06-01 01:28 9,606 --a------ C:\Windows\System32\NEWSOFT
2008-03-18 18:41 . 2008-03-18 18:41 264 --a------ C:\Windows\setup.iss
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\Windows\System32\Color
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\ScanSoft
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\Users\All Users\ScanSoft
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\Users\All Users\InstallShield
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\ProgramData\ScanSoft
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\ProgramData\InstallShield
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\Program Files\NewSoft
2008-03-18 18:39 . 2008-03-18 18:39 <REP> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-03-18 18:39 . 2008-03-18 18:41 <REP> d-------- C:\Program Files\Common Files\PDFView
2008-03-18 18:39 . 2008-03-18 18:39 416 --a------ C:\Windows\MAXLINK.INI
2008-03-18 18:38 . 2008-03-18 18:38 <REP> d-------- C:\Program Files\ScanSoft
2008-03-18 18:37 . 2008-03-18 18:37 <REP> d-------- C:\Program Files\Common Files\CANON
2008-03-18 18:37 . 2008-03-18 18:37 <REP> d-------- C:\Program Files\ArcSoft
2008-03-18 18:37 . 1995-07-31 14:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-03-18 18:36 . 2008-03-18 18:36 <REP> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-03-18 18:35 . 2008-03-18 18:35 <REP> d--h----- C:\Program Files\CanonBJ
2008-03-18 18:35 . 2006-07-20 17:51 1,298,432 --a------ C:\Windows\System32\CNQC4803.DLL
2008-03-18 18:35 . 2007-08-09 13:17 229,376 --a------ C:\Windows\System32\CNQL4803.DLL
2008-03-18 18:35 . 2006-06-29 16:29 106,496 --a------ C:\Windows\System32\cnqo4803.dll
2008-03-18 18:35 . 2006-07-20 17:51 57,344 --a------ C:\Windows\System32\CNQI4803.DLL
2008-03-18 18:34 . 2008-03-18 18:36 <REP> d-------- C:\Program Files\Canon

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 16:39 4,456,448 --sha-w C:\Users\Gwenaël\NTUSER.DAT
2008-04-30 16:39 4,456,448 --sha-w C:\Users\Gwenaël\NTUSER.DAT
2008-04-30 16:16 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-04-22 02:20 --------- d-----w C:\ProgramData\Symantec
2008-04-20 16:59 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Roxio
2008-04-18 23:15 --------- d-----w C:\Program Files\Paint.NET
2008-04-18 21:47 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-18 15:35 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\NeroDCTemplates
2008-04-18 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 04:03 --------- d-----w C:\Program Files\LG PC Suite
2008-04-18 03:41 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\POP Peeper
2008-04-17 03:56 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 03:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 03:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-16 22:34 --------- d-----w C:\Program Files\POP Peeper
2008-04-16 12:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-11 20:26 --------- d-----w C:\ProgramData\Sonic
2008-04-10 16:21 --------- d-s---w C:\Users\Gwenaël\AppData\Roaming\Microsoft
2008-04-09 04:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-29 14:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 20:08 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-27 20:08 --------- d-----w C:\Program Files\Realtek
2008-03-18 17:04 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Canon
2008-03-18 17:01 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\ArcSoft
2008-03-18 16:39 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\ScanSoft
2008-03-18 16:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-13 23:04 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Adobe
2008-03-10 23:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-09 00:29 --------- d-----w C:\Program Files\Google
2008-03-08 15:07 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Real
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-04 00:09 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\LG Electronics
2008-02-29 15:46 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-20 17:56 118,784 ------r C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-19 05:49 2,048 ----a-w C:\Windows\System32\dmdskres2.dll
2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-19 05:39 1,536 ----a-w C:\Windows\System32\WsmCl.dll
2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
2008-01-19 05:27 2,560 ----a-w C:\Windows\System32\bootstr.dll
2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 01:09 1429504]
"Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 14:01 294912]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"Evidence Eliminator"="C:\Program Files\Evidence Eliminator\ee.exe" [ ]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\" [2008-02-20 19:56 8192]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 02:29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:59 115816]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 06:43 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-20 19:56:08 196608]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-09 02:29:27 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{800E623B-F966-404B-BD1A-EFB2E7600C37}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15BAABF4-066D-4AC3-9084-0EA894789355}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88CF437A-59B2-47DF-826A-CFB3369FAFDE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B14462A1-9BF8-4428-865B-2D8469B489FC}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0244B739-83BE-4C7C-BB8F-2C5ED85337F0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{31E4C11F-CF60-452F-88C0-0F674221F709}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6D084173-29C1-4B27-8106-794BD37F6CA7}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080429.001\IDSvix86.sys [2008-02-14 03:51]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 18:46:06 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Gwenaël.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 18:39:50
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-30 18:49:04
ComboFix-quarantined-files.txt 2008-04-30 16:48:01

Pre-Run: 86,614,179,840 octets libres
Post-Run: 85,845,536,768 octets libres

345 --- E O F --- 2008-04-26 22:40:13


Voilà... bon courage pour la recherche d'infos dans tout ça !

Merci!

Re-bonsoir!

Voici le rapport de SmitFraudFix :

SmitFraudFix v2.319

Scan done at 19:12:24,28, 30/04/2008
Run from C:\Users\Gwena‰l\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFont­Cache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gwena‰l


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gwena‰l\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GWENAL~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Connexion réseau Intel(R) PRO/100
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C346D611-8134-4E60-AA6F-78F4B278F589}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C346D611-8134-4E60-AA6F-78F4B278F589}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C346D611-8134-4E60-AA6F-78F4B278F589}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Merci encore !

Redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

___________________

colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/

Bonjour,

J'ai fait ce que tu as indiqué.

J'ai ensuite fait un scan avec Panda ( une heure, quand même ! :-)).

Voici le seul rapport que j'ai :
;***********************************************************­************************************************************­************************************************************­
ANALYSIS: 2008-05-01 03:18:47
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************­************************************************************­************************************************************­
PROTECTIONS
Description Version Active Updated
;===========================================================­============================================================­============================================================­
Norton Internet Security 2007 Yes Yes
;===========================================================­============================================================­============================================================­
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========================================================­============================================================­============================================================­
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Gwenaël\Desktop\SmitfraudFix\Process.exe
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Gwenaël\AppData\Roaming\Microsoft\Windows\Cookies\L­ow\gwenaël@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Gwenaël\AppData\Roaming\Microsoft\Windows\Cookies\L­ow\gwenaël@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Gwenaël\AppData\Roaming\Microsoft\Windows\Cookies\L­ow\gwenaël@weborama[1].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\Gwenaël\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.­cfexe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Users\Gwenaël\Desktop\SmitfraudFix\Reboot.exe
;===========================================================­============================================================­============================================================­
SUSPECTS
Sent Location ����!

3

;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ����!

3


Je trouve ça un peu court ... est-ce normal ?

Autre chose, pendant que Smitfraudfix était "au travail", j'ai été surpris de voir passer des éléments "Skype"... alors que je pensais avoir tout supprimé.... Bizarre ?

Merci.

Ok rien dans panda

_____________


utilise pour supprimer tes traces de surf, de skype....

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

http://www.01net.com/...

http://www.malekal.com/Procedure_Desinfection_virus.php

______________

recolle un rapport hijackhtis et essyae de remettre skype pour voir si le souci persiste

a plus

Bonjour,

CCleaner, je l'avais déjà, donc j'ai fait comme tu m'as dit de faire.

Voici le rapport de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:02, on 30/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Evidence Eliminator\Ee.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 25343 bytes

Je vais tenter d'installer Skype.

Merci .

Re !

ECHEC !....

J'ai toujours le message :

"impossible d'ouvrir la clé HKEY_CURRENT_ USERS \Software\ Skype\ Phone\ UI . vérifiez que vous disposez des droits suffisants pour cette clé ou contactez votre service de support technique."

C'est quoi cette histoire de fous ?

Au fait, j'avais donc un virus ? Quel type de virus ?

Merci ...!

J'ai aussi à nouveau eu le message de Skype : "erreur 1603"...

Il reste des traces de skype


sinon: tu as toujours Evidence Eliminator (c'est un rogue)

____________


telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !



Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :




File::
C:\Program Files\Evidence Eliminator
C:\Program Files\Evidence Eliminator\ee.exe



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_________________


tu as mis le SP1 de windows: peut etre qu'il interfere avec skype
essaye de retelecharger skype qui est sorti il y a deux jours pour le remettre (désactive ton antivirus et parefeu le temps de l'installer):

http://www.01net.com/telecharger/windows/Internet/communication/fiches/27115.html

__________________

si cela persiste:


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/

Re!

Voici le nouveau rapport de combofix ( j'espère avoir bien fait les choses lors du glisser/déposer...je ne suis pas sûr).

ComboFix 08-04-29.3 - Gwenaël 2008-05-01 18:48:23.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1921 [GMT 2:00]
Endroit: C:\Users\Gwenaël\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 02:10 . 2008-05-01 02:11 <REP> d-------- C:\Program Files\Panda Security
2008-05-01 02:06 . 2008-05-01 02:06 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-01 02:03 . 2008-05-01 02:03 <REP> d-------- C:\Windows\BDOSCAN8
2008-05-01 01:55 . 2008-05-01 01:55 691 --a------ C:\Users\Gwenaël\AppData\Roaming\GetValue.vbs
2008-05-01 01:55 . 2008-05-01 01:55 35 --a------ C:\Users\Gwenaël\AppData\Roaming\SetValue.bat
2008-04-30 19:12 . 2008-05-01 01:55 5,584 --a------ C:\Windows\System32\tmp.reg
2008-04-30 00:41 . 2008-04-30 00:41 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:26 . 2008-04-21 16:26 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-21 05:58 . 2008-04-21 16:25 <REP> d-------- C:\Program Files\MSECACHE
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\Users\All Users\Apple
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\ProgramData\Apple
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-18 17:35 . 2008-04-18 17:35 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\NeroDCTemplates
2008-04-17 05:46 . 2008-04-17 05:46 <REP> d-------- C:\PerfLogs
2008-04-17 05:12 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-17 05:11 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-17 05:10 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-17 05:10 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-17 05:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-17 05:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-17 05:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-17 05:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-17 05:10 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-17 05:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-17 05:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-17 05:10 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-15 14:45 . 2008-04-15 14:45 <REP> d-------- C:\Program Files\Shareaza
2008-04-14 20:38 . 2001-06-12 01:20 28,944 --a------ C:\Windows\System32\temp.04C
2008-04-14 20:38 . 2001-08-17 00:00 22,528 --a------ C:\Windows\System32\temp.04B
2008-04-14 20:37 . 2006-11-27 15:54 433,152 --a------ C:\Windows\System32\temp.049
2008-04-14 20:37 . 2004-08-04 13:00 276,992 --a------ C:\Windows\System32\temp.04A
2008-04-14 20:37 . 2004-08-04 13:00 3,584 --a------ C:\Windows\System32\temp.048
2008-04-14 20:34 . 2001-03-13 15:53 326,656 --a------ C:\Windows\System32\temp.047
2008-04-14 20:33 . 2000-08-20 22:00 1,388,544 --a------ C:\Windows\System32\temp.046
2008-04-14 20:33 . 2001-03-13 15:47 598,288 --a------ C:\Windows\System32\temp.042
2008-04-14 20:33 . 2001-03-13 15:47 164,112 --a------ C:\Windows\System32\temp.043
2008-04-14 20:33 . 2001-03-13 15:45 147,728 --a------ C:\Windows\System32\temp.044
2008-04-14 20:33 . 2001-03-13 15:47 17,920 --a------ C:\Windows\System32\temp.045
2008-04-11 22:28 . 2008-04-20 18:59 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\Roxio
2008-04-09 02:29 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 02:29 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 02:29 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 02:29 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 02:29 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 02:29 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 02:29 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 02:29 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 02:29 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 02:29 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 02:26 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-09 02:25 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 02:25 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 02:25 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-04 21:37 . 2008-04-04 21:37 <REP> d-------- C:\Users\All Users\Apple Computer
2008-04-04 21:37 . 2008-04-04 21:37 <REP> d-------- C:\ProgramData\Apple Computer
2008-04-04 21:37 . 2008-04-04 21:38 <REP> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 16:54 4,456,448 --sha-w C:\Users\Gwenaël\NTUSER.DAT
2008-05-01 16:54 4,456,448 --sha-w C:\Users\Gwenaël\NTUSER.DAT
2008-05-01 16:33 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-05-01 02:43 --------- d-----w C:\ProgramData\Google Updater
2008-04-30 23:55 691 ----a-w C:\Users\Gwenaël\AppData\Roaming\GetValue.vbs
2008-04-30 23:55 35 ----a-w C:\Users\Gwenaël\AppData\Roaming\SetValue.bat
2008-04-30 16:15 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-04-22 02:20 --------- d-----w C:\ProgramData\Symantec
2008-04-20 16:59 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Roxio
2008-04-18 23:15 --------- d-----w C:\Program Files\Paint.NET
2008-04-18 21:47 --------- d---a-w C:\ProgramData\TEMP
2008-04-18 21:47 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-18 15:35 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\NeroDCTemplates
2008-04-18 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 04:03 --------- d-----w C:\Program Files\LG PC Suite
2008-04-18 03:41 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\POP Peeper
2008-04-17 03:56 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 03:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 03:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-16 22:34 --------- d-----w C:\Program Files\POP Peeper
2008-04-16 12:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-11 20:26 --------- d-----w C:\ProgramData\Sonic
2008-04-10 16:21 --------- d-s---w C:\Users\Gwenaël\AppData\Roaming\Microsoft
2008-04-09 04:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 01:29 --------- d-----w C:\Program Files\Audacity
2008-03-29 17:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 17:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-29 14:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 20:08 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-27 20:08 --------- d-----w C:\Program Files\Realtek
2008-03-24 15:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-24 04:44 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-24 04:43 --------- d-----w C:\Program Files\Common Files\Real
2008-03-18 17:04 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Canon
2008-03-18 17:01 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\ArcSoft
2008-03-18 16:41 --------- d-----w C:\Program Files\Common Files\PDFView
2008-03-18 16:39 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\ScanSoft
2008-03-18 16:39 --------- d-----w C:\ProgramData\ScanSoft
2008-03-18 16:39 --------- d-----w C:\ProgramData\InstallShield
2008-03-18 16:39 --------- d-----w C:\Program Files\NewSoft
2008-03-18 16:39 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-18 16:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 16:38 --------- d-----w C:\Program Files\ScanSoft
2008-03-18 16:37 --------- d-----w C:\Program Files\Common Files\CANON
2008-03-18 16:37 --------- d-----w C:\Program Files\ArcSoft
2008-03-18 16:36 --------- d-----w C:\Program Files\Canon
2008-03-18 16:35 --------- d--h--w C:\Program Files\CanonBJ
2008-03-18 00:29 --------- d-----w C:\Program Files\CamStudio
2008-03-13 23:04 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Adobe
2008-03-10 23:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-09 00:29 --------- d-----w C:\Program Files\Google
2008-03-08 15:07 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Real
2008-03-08 15:05 --------- d-----w C:\Program Files\Real
2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-06 21:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-04 20:00 --------- d--h--w C:\Program Files\Common Files\Soap218
2008-03-04 12:39 --------- d-----w C:\Program Files\IrfanView
2008-03-04 00:09 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\LG Electronics
2008-03-02 16:19 494,248 ----a-w C:\Windows\System32\24-FR.scr
2008-03-02 16:18 --------- d-----w C:\Program Files\24-FR
2008-03-02 15:32 --------- d-----w C:\Program Files\SunTimes
2008-02-20 17:56 118,784 ------r C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
.

((((((((((((((((((((((((((((( snapshot_2008-05-01_18.44.20,79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 16:36:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-01 16:49:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-01 16:36:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-01 16:48:36 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-01 16:25:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-01 16:44:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-01 16:25:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-01 16:44:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-01 16:25:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-01 16:44:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 01:09 1429504]
"Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 14:01 294912]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\" [2008-02-20 19:56 8192]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 02:29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:59 115816]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 06:43 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-20 19:56:08 196608]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-09 02:29:27 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{800E623B-F966-404B-BD1A-EFB2E7600C37}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15BAABF4-066D-4AC3-9084-0EA894789355}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88CF437A-59B2-47DF-826A-CFB3369FAFDE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B14462A1-9BF8-4428-865B-2D8469B489FC}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0244B739-83BE-4C7C-BB8F-2C5ED85337F0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{31E4C11F-CF60-452F-88C0-0F674221F709}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6D084173-29C1-4B27-8106-794BD37F6CA7}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080429.001\IDSvix86.sys [2008-02-14 03:51]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 18:46:06 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Gwenaël.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 18:56:25
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-05-01 19:07:33
ComboFix-quarantined-files.txt 2008-05-01 17:03:48
ComboFix2.txt 2008-05-01 16:46:20
ComboFix3.txt 2008-04-30 16:49:13

Pre-Run: 99,803,164,672 octets libres
Post-Run: 98,295,459,840 octets libres

262 --- E O F --- 2008-04-30 23:34:11

A suivre : le rapport de Hijackthis.

Voici le nouveau rapport de Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:02, on 30/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Evidence Eliminator\Ee.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {48546A79-9426-42B0-A3EB-678A0350442B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 25343 bytes


Je vais maintenant essayer de ré-installer Skype à partir du lien que tu m'as donné. C'était d'ailleurs ma première idée, à savoir que je m'étais demandé s'il n'y avait pas un lien entre le fait que j'aie installé le Service Pack 1 et le fait que Skype ne fonctionne plus.

Re!

Eh bien c'est à nouveau l'échec... avec toujours les mêmes messages d'erreur :

1/ "impossible d'ouvrir la clé HKEY_CURRENT_ USERS \Software\ Skype\ Phone\ UI . vérifiez que vous disposez des droits suffisants pour cette clé ou contactez votre service de support technique."...


2/Skype information :" L'installation de Skype a échoué : erreur 1603."

On n'en sort pas ...

Je vais faire un scan avec Panda comme hier soir ... je vais m'absenter pendant ce temps-là. Je te poste le résultat à mon retour.

Merci !!

Tu as mal fais ceci:

regarde ce lien:

pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif



___________


telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !



Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :




File::
C:\Program Files\Evidence Eliminator
C:\Program Files\Evidence Eliminator\ee.exe



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

___________________

desactive windows defender et norton puis esssyae de remettre skype

________________
si cela persiste: fais un scan en ligne

Merci pour ta réponse.

Je verrai demain ce que j'ai mal fait ....

Je ne sais pas ce qu'est Windows defender, on le désactive comment ?

En attendant, voici le rapport de Panda :

;***********************************************************­************************************************************­************************************************************­
ANALYSIS: 2008-05-01 23:33:04
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************­************************************************************­************************************************************­
PROTECTIONS
Description Version Active Updated
;===========================================================­============================================================­============================================================­
Norton Internet Security 2007 Yes Yes
;===========================================================­============================================================­============================================================­
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========================================================­============================================================­============================================================­
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Gwenaël\Desktop\SmitfraudFix\Process.exe
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Gwenaël\AppData\Roaming\Microsoft\Windows\Cookies\L­ow\gwenaël@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Gwenaël\AppData\Roaming\Microsoft\Windows\Cookies\L­ow\gwenaël@xiti[1].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\Gwenaël\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.­cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\Windows\PSEXESVC.EXE
;===========================================================­============================================================­============================================================­
SUSPECTS
Sent Location �R��`�
3

;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description �R��`�
3

;===================================================================================================================================================================================
;===================================================================================================================================================================================

Merci, à demain!

Je me permets de te laisser un dernier message pour te dire que j'ai regardé le lien (gif) que tu m'as donné pour fusionner. C'est bien ce que j'ai fait pourtant...

J'ai mis ceci...: File::
C:\Program Files\Evidence Eliminator
C:\Program Files\Evidence Eliminator\ee.exe

...dans un fichier texte sur mon bureau que j'ai renommé ( différent d'enregister?...) CFscript avant de le fusionner...

Enfin, je recommencerai demain.

Une dernière interrogation : en regardant dans les propriétés de ComboFix, je ne vois pas qu'il soit compatible avec Vista ... mais comme je n'y connais rien, ça n'a sans doute rien à voir !

Bonne nuit !

Ok essaye de refaire

sinon:


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\PSEXESVC.EXE
C:\Program Files\Evidence Eliminator
C:\Program Files\Evidence Eliminator\ee.exe


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

Bonsoir,

J'ai recommencé la manip' avec Combofix. J'espère avoir bien fait cette fois. Par contre , je n'ai jamais eu ceci : "Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. " Le programme s'est mis en route tout seul dès que j'ai glissé-collé le fichier texte CFscript...

Voici le rapport :

ComboFix 08-04-29.3 - Gwenaël 2008-05-02 18:18:15.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1962 [GMT 2:00]
Endroit: C:\Users\Gwenaël\Desktop\ComboFix.exe
Command switches used :: C:\Users\Gwenaël\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\Evidence Eliminator
C:\Program Files\Evidence Eliminator\ee.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 02:10 . 2008-05-01 02:11 <REP> d-------- C:\Program Files\Panda Security
2008-05-01 02:06 . 2008-05-01 02:06 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-01 02:03 . 2008-05-01 02:03 <REP> d-------- C:\Windows\BDOSCAN8
2008-05-01 01:55 . 2008-05-01 01:55 691 --a------ C:\Users\Gwenaël\AppData\Roaming\GetValue.vbs
2008-05-01 01:55 . 2008-05-01 01:55 35 --a------ C:\Users\Gwenaël\AppData\Roaming\SetValue.bat
2008-04-30 19:12 . 2008-05-01 01:55 5,584 --a------ C:\Windows\System32\tmp.reg
2008-04-30 00:41 . 2008-04-30 00:41 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:26 . 2008-04-21 16:26 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-21 05:58 . 2008-04-21 16:25 <REP> d-------- C:\Program Files\MSECACHE
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\Users\All Users\Apple
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\ProgramData\Apple
2008-04-18 23:45 . 2008-04-18 23:45 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-18 17:35 . 2008-04-18 17:35 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\NeroDCTemplates
2008-04-17 05:46 . 2008-04-17 05:46 <REP> d-------- C:\PerfLogs
2008-04-17 05:12 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-17 05:11 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-17 05:10 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-17 05:10 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-17 05:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-17 05:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-17 05:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-17 05:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-17 05:10 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-17 05:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-17 05:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-17 05:10 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-15 14:45 . 2008-04-15 14:45 <REP> d-------- C:\Program Files\Shareaza
2008-04-14 20:38 . 2001-06-12 01:20 28,944 --a------ C:\Windows\System32\temp.04C
2008-04-14 20:38 . 2001-08-17 00:00 22,528 --a------ C:\Windows\System32\temp.04B
2008-04-14 20:37 . 2006-11-27 15:54 433,152 --a------ C:\Windows\System32\temp.049
2008-04-14 20:37 . 2004-08-04 13:00 276,992 --a------ C:\Windows\System32\temp.04A
2008-04-14 20:37 . 2004-08-04 13:00 3,584 --a------ C:\Windows\System32\temp.048
2008-04-14 20:34 . 2001-03-13 15:53 326,656 --a------ C:\Windows\System32\temp.047
2008-04-14 20:33 . 2000-08-20 22:00 1,388,544 --a------ C:\Windows\System32\temp.046
2008-04-14 20:33 . 2001-03-13 15:47 598,288 --a------ C:\Windows\System32\temp.042
2008-04-14 20:33 . 2001-03-13 15:47 164,112 --a------ C:\Windows\System32\temp.043
2008-04-14 20:33 . 2001-03-13 15:45 147,728 --a------ C:\Windows\System32\temp.044
2008-04-14 20:33 . 2001-03-13 15:47 17,920 --a------ C:\Windows\System32\temp.045
2008-04-11 22:28 . 2008-04-20 18:59 <REP> d-------- C:\Users\Gwenaël\AppData\Roaming\Roxio
2008-04-09 02:29 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 02:29 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 02:29 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 02:29 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 02:29 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 02:29 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 02:29 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 02:29 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 02:29 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 02:29 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 02:26 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-09 02:25 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 02:25 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 02:25 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-04 21:37 . 2008-04-04 21:37 <REP> d-------- C:\Users\All Users\Apple Computer
2008-04-04 21:37 . 2008-04-04 21:37 <REP> d-------- C:\ProgramData\Apple Computer
2008-04-04 21:37 . 2008-04-04 21:38 <REP> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:22 4,456,448 --sha-w C:\Users\Gwenaël\NTUSER.DAT
2008-05-02 16:22 4,456,448 --sha-w C:\Users\Gwenaël\NTUSER.DAT
2008-05-02 16:11 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-05-02 03:43 --------- d-----w C:\ProgramData\Google Updater
2008-04-30 23:55 691 ----a-w C:\Users\Gwenaël\AppData\Roaming\GetValue.vbs
2008-04-30 23:55 35 ----a-w C:\Users\Gwenaël\AppData\Roaming\SetValue.bat
2008-04-30 16:15 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-04-22 02:20 --------- d-----w C:\ProgramData\Symantec
2008-04-20 16:59 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Roxio
2008-04-18 23:15 --------- d-----w C:\Program Files\Paint.NET
2008-04-18 21:47 --------- d---a-w C:\ProgramData\TEMP
2008-04-18 21:47 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-18 15:35 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\NeroDCTemplates
2008-04-18 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 04:03 --------- d-----w C:\Program Files\LG PC Suite
2008-04-18 03:41 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\POP Peeper
2008-04-17 03:56 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 03:48 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 03:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 03:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-16 22:34 --------- d-----w C:\Program Files\POP Peeper
2008-04-16 12:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-11 20:26 --------- d-----w C:\ProgramData\Sonic
2008-04-10 16:21 --------- d-s---w C:\Users\Gwenaël\AppData\Roaming\Microsoft
2008-04-09 04:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 01:29 --------- d-----w C:\Program Files\Audacity
2008-03-29 17:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 17:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-29 14:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 20:08 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-27 20:08 --------- d-----w C:\Program Files\Realtek
2008-03-24 15:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-24 04:44 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-24 04:43 --------- d-----w C:\Program Files\Common Files\Real
2008-03-18 17:04 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Canon
2008-03-18 17:01 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\ArcSoft
2008-03-18 16:41 --------- d-----w C:\Program Files\Common Files\PDFView
2008-03-18 16:39 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\ScanSoft
2008-03-18 16:39 --------- d-----w C:\ProgramData\ScanSoft
2008-03-18 16:39 --------- d-----w C:\ProgramData\InstallShield
2008-03-18 16:39 --------- d-----w C:\Program Files\NewSoft
2008-03-18 16:39 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-18 16:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 16:38 --------- d-----w C:\Program Files\ScanSoft
2008-03-18 16:37 --------- d-----w C:\Program Files\Common Files\CANON
2008-03-18 16:37 --------- d-----w C:\Program Files\ArcSoft
2008-03-18 16:36 --------- d-----w C:\Program Files\Canon
2008-03-18 16:35 --------- d--h--w C:\Program Files\CanonBJ
2008-03-18 00:29 --------- d-----w C:\Program Files\CamStudio
2008-03-13 23:04 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Adobe
2008-03-10 23:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-09 00:29 --------- d-----w C:\Program Files\Google
2008-03-08 15:07 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\Real
2008-03-08 15:05 --------- d-----w C:\Program Files\Real
2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-06 21:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-04 20:00 --------- d--h--w C:\Program Files\Common Files\Soap218
2008-03-04 12:39 --------- d-----w C:\Program Files\IrfanView
2008-03-04 00:09 --------- d-----w C:\Users\Gwenaël\AppData\Roaming\LG Electronics
2008-03-02 16:19 494,248 ----a-w C:\Windows\System32\24-FR.scr
2008-03-02 16:18 --------- d-----w C:\Program Files\24-FR
2008-03-02 15:32 --------- d-----w C:\Program Files\SunTimes
2008-02-20 17:56 118,784 ------r C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
.

((((((((((((((((((((((((((((( snapshot_2008-05-02_17.35.50,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 21:54:06 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-02 16:11:55 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-01 21:52:54 473,032 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-05-02 16:10:04 473,032 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-05-01 21:54:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-02 16:11:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-01 21:54:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-02 16:11:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-02 15:09:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-02 16:14:53 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-02 11:15:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-02 16:13:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-02 16:13:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-02 15:30:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-02 16:17:34 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-01 21:55:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-02 16:13:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-02 16:13:28 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-02 15:25:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-02 16:17:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-02 15:25:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-02 16:17:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-02 15:25:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-02 16:17:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-01 22:00:48 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-02 16:18:52 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-01 22:00:48 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-02 16:18:52 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-01 22:00:48 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-02 16:18:52 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-01 22:00:48 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-02 16:18:53 669,340 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-01 21:56:01 6,588 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-842094086-1907801069-3841187241-1001_UserData.bin
+ 2008-05-02 16:13:54 6,588 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-842094086-1907801069-3841187241-1001_UserData.bin
- 2008-05-01 21:56:01 58,534 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-02 16:13:54 58,534 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-01 21:55:59 46,276 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-02 16:13:51 46,444 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 01:09 1429504]
"Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 14:01 294912]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\" [2008-02-20 19:56 8192]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 02:29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:59 115816]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 06:43 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-20 19:56:08 196608]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-09 02:29:27 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{800E623B-F966-404B-BD1A-EFB2E7600C37}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15BAABF4-066D-4AC3-9084-0EA894789355}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88CF437A-59B2-47DF-826A-CFB3369FAFDE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B14462A1-9BF8-4428-865B-2D8469B489FC}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0244B739-83BE-4C7C-BB8F-2C5ED85337F0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{31E4C11F-CF60-452F-88C0-0F674221F709}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6D084173-29C1-4B27-8106-794BD37F6CA7}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080429.001\IDSvix86.sys [2008-02-14 03:51]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 18:46:06 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Gwenaël.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 18:25:45
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-05-02 18:48:49
ComboFix-quarantined-files.txt 2008-05-02 16:45:03
ComboFix2.txt 2008-05-01 17:07:53
ComboFix3.txt 2008-05-01 16:46:20
ComboFix4.txt 2008-04-30 16:49:13

Pre-Run: 102,697,537,536 octets libres
Post-Run: 101,926,309,888 octets libres

297 --- E O F --- 2008-05-02 00:27:03


J'ai 3 questions ! Désolé ...

1/ Tu m'as conseillé hier d'essayer de ré-installer Skype en désactivant Windows Defender, mais je ne sais pas comment faire ça... pourrais -tu me guider, s'il-te-plaït ?

2/ Dois-je utiliser OTMoveIt maintenant ?

3/ A chaque fois que j'utilise Combofix, cela provoque une erreur dans Norton, au niveau de la protection contre le phishing et je je suis obligé de passer par le site de Symantec pour la corriger , est-ce normal et cela évoque-t-il quelquechose pour toi ?

Merci !!

Oui fais otmovit,

recolle un hijackthis


pour desactiver windows defender, lance le (en allant dans DEMARRER puis TOUS LES PROGRAMMES) puis dans les option désactive la protection en temps réel