Unwanted windows again...

Solved/Closed
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last active 4 October 2010 - 26 June 2008 at 21:11
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last active 11 November 2010 - 29 June 2008 at 23:40
Hello,

Advertising windows have been opening for several days. How can I stop these ad pop-ups? I have HiJackThis, but I don't know what to delete. Can you help me?

17 replies

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last active 11 November 2010 3
26 June 2008 at 21:46
Good evening

to start

Download HijackThis to the Desktop

http://download.hijackthis.eu/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
if there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

See you
0
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last active 4 October 2010 4
27 June 2008 at 03:42
OK, here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:08, on 2008-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [20a01854] rundll32.exe "C:\WINDOWS\system32\tkdepdkc.dll",b
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM23932bc8] Rundll32.exe "C:\WINDOWS\system32\lbixvkxy.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O18 - Protocol: bw+0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
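The question in this thread is which lines of a HijackThis log deserve a closer look. The following Python script is an added example, not part of the original thread and not a HijackThis feature: it parses lines in the log format shown above and applies three review heuristics (a registry entry pointing at a missing file, an autorun that loads a DLL through rundll32, an autorun started from a Temp folder). The heuristics, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the HijackThis v2.0.2 line format ("CODE - detail").
# Names, paths and CLSIDs are made up for this example.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://search.example/
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [1a2b3c4d] rundll32.exe "C:\WINDOWS\system32\qwxzvbnk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] "C:\DOCUME~1\user\LOCALS~1\Temp\upd.exe"
O4 - Global Startup: Example Monitor.lnk = C:\Program Files\Example\monitor.exe
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\exsvc.exe
"""


class Entry(NamedTuple):
    code: str    # section code, e.g. "R3", "O4", "O23"
    detail: str  # everything after "CODE - "


# A log entry starts with a section code followed by " - ".
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autoruns look like: <key>: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<where>[^\[]+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 followed by the (optionally quoted) path of the DLL it loads.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a 'CODE - detail' line, None for anything else
    (header lines, the running-process list, blank lines)."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group(1), m.group(2)) if m else None


def review_reason(entry: Entry) -> Optional[str]:
    """Return why an entry is worth reviewing, or None.
    These are prompts for a human reviewer, not verdicts."""
    if entry.detail.endswith("(no file)"):
        return "registry entry points at a missing file"
    if entry.code == "O4":
        m = RUN_RE.match(entry.detail)
        if m is None:
            return None  # e.g. "Global Startup" shortcuts, not handled here
        cmd = m.group("cmd")
        dll = RUNDLL_RE.search(cmd)
        if dll:
            return "autorun loads a DLL through rundll32: " + dll.group(1)
        if TEMP_RE.search(cmd):
            return "autorun starts a program from a Temp folder: " + cmd
    return None


def triage(log: str) -> List[Tuple[Entry, str]]:
    """Parse a whole log and return (entry, reason) for every flagged line."""
    flagged = []
    for line in log.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = review_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def section_counts(log: str) -> Counter:
    """Count parsed entries per section code, to show what the log contains."""
    entries = (parse_line(line) for line in log.splitlines())
    return Counter(e.code for e in entries if e is not None)


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.code}: {reason}")
```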
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last active 11 November 2010 3
27 June 2008 at 20:00
Hello

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode

------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no Internet access in this mode. Save or print the instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the startup options appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------

= Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
= Press a key to restart the PC.
= Your system will take longer than usual to restart because the tool will keep running and deleting files.
= Once the Desktop has loaded, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
= Finally, copy and paste the contents of the Report.txt file into your next reply


then

Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Help with the installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Install it
=> Then go into Safe Mode


Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the startup options appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name


=> Launch Malwarebytes
=> Tick "Exécuter un examen complet" (perform a full scan)
=> If an infection is found at the end of the scan, click "ok"
=> Click Supprimer la sélection (remove the selection)
=> To post the report, click the Rapports/Logs tab, select the one you want and click Ouvrir (open)
=> Copy and paste it and post the report

--------------------------

then

* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to help you use it
http://www.swl1f.net/viewtopic.php?f=14&t=69

--------------------------

Then make a new HijackThis report, please
See you

0
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last active 4 October 2010 4
28 June 2008 at 22:00
Here is the SDFix report:

[b]SDFix: Version 1.197 [/b]
Run by HP_Administrateur on 2008-06-27 at 17:09

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\HP_ADM~1\Bureau\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\ssqPfgdA.dll - Deleted
C:\WINDOWS\system32\WINWIL32.dll - Deleted
C:\Documents and Settings\HP_Administrateur\Mes documents\My Documents.url - Deleted
C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\My Music.url - Deleted
C:\Documents and Settings\HP_Administrateur\Mes documents\Mes images\My Pictures.url - Deleted
C:\Documents and Settings\HP_Administrateur\Mes documents\Mes vid‚os\My Video.url - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:26:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1098 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Services en ligne\\AOL\\waol.exe"="C:\\Program Files\\Services en ligne\\AOL\\waol.exe:*:Enabled:AOL Canada"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"="C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate"
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"="C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server"
"C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win48.exe"="C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win48.exe:*:Enabled:win48"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\HP_ADM~1\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 12 Mar 2008 211 A.SHR --- "C:\BOOT.BAK"
Thu 13 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT5D.tmp"
Thu 13 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT1.tmp"

[b]Finished![/b]
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last active 4 October 2010 4
28 June 2008 at 22:01
Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 870

15:41:26 2008-06-28
mbam-log-6-28-2008 (15-41-26).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 282080
Temps écoulé: 2 hour(s), 54 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM23932bc8 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3GSXAC8P\rxlyddhv[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\5AZOFST2\nkxbc[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\9045YU0K\plmzrevwn[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\A8XXCDR1\dsuper[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\E5007NH7\vsskkbc[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FL37DGZ2\dsuper1[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\G27P0PR4\rxlyddhv[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KQTLPNL3\nkxbc[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\L7XWVAM5\vsskkbc[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP114\A0025938.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP114\A0025939.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP114\A0025940.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP114\A0025971.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP121\A0030457.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP123\A0030975.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP123\A0030996.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP126\A0032627.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP85\A0020346.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP85\A0020362.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP85\A0020364.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP85\A0020365.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP87\A0021330.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP87\A0021344.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfbddfoa.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last active 4 October 2010 4
28 June 2008 at 22:02
And finally the HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:58, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {16E746CD-096C-4137-B78B-81FD6E2FDA3C} - C:\WINDOWS\system32\AudPlaye.dll
O2 - BHO: (no name) - {1F34EAF0-2919-4C85-B734-E267BD31EF99} - C:\WINDOWS\system32\AudPlaye.dll
O2 - BHO: (no name) - {3435D860-2E0E-4C8A-9916-C66BB1E599C2} - C:\WINDOWS\system32\AudPlaye.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {7443d6fb-d875-e419-e294-2de97d9a4777} - {7774a9d7-9ed2-492e-914e-578dbf6d3447} - C:\WINDOWS\system32\dksoux.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: bw+0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
28 June 2008 at 22:02
ok

Download DiagHelp.zip to your desktop: http://www.malekal.com/download/DiagHelp.zip
==> Do not double-click it!! Right-click the file and choose Extract All
==> A new folder named DiagHelp will be created
==> Open it and double-click go.cmd (the .cmd may not be shown)
==> A window will open; choose option 1
==> The scan will start; this can take a few minutes. Let it run and press a key when you are asked to
==> Copy and paste the contents of the Notepad window that opens. To do that:
==> In Notepad, click the Edit menu / Select All
==> Then the Edit menu again / Copy
==> In a new message here, right-click / Paste
See you
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last activity 4 October 2010 4
28 June 2008 at 22:18
Here is the DiagHelp report:

DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-06-28 à 16:11:25,42


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->2008-06-28 16:10:45
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-090074F0.pf -->2008-06-28 16:07:46
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->2008-06-28 16:07:35
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2008-06-28 16:05:26
C:\WINDOWS\prefetch\IGFXSRVC.EXE-1D88F978.pf -->2008-06-28 16:05:04
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->2008-06-28 16:04:19
C:\WINDOWS\prefetch\CALC.EXE-02A5B4B1.pf -->2008-06-28 16:03:54
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->2008-06-28 15:59:07
C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf -->2008-06-28 15:47:00
C:\WINDOWS\prefetch\ISSCH.EXE-2EFA1349.pf -->2008-06-28 15:46:58

C:\WINDOWS\System32\drivers\secdrv.sys -->2008-06-27 18:45:10
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->2008-06-19 17:48:04
C:\WINDOWS\System32\drivers\mbam.sys -->2008-06-19 17:47:58
C:\WINDOWS\System32\drivers\bthport.sys -->2008-06-14 13:59:52
C:\WINDOWS\System32\drivers\rmcast.sys -->2008-05-08 08:28:49
C:\WINDOWS\System32\drivers\sptd.sys -->2008-03-30 16:14:15
C:\WINDOWS\System32\drivers\scdemu.sys -->2008-03-14 02:04:29

C:\WINDOWS\System32\d3d8caps.dat -->2008-06-27 17:51:51
C:\WINDOWS\System32\ckdpedkt.ini -->2008-06-27 13:03:43
C:\WINDOWS\System32\extbcgow.dll -->2008-06-27 13:02:59
C:\WINDOWS\System32\dksoux.dll -->2008-06-27 13:02:59
C:\WINDOWS\System32\aclsqhlw.dll -->2008-06-27 13:00:24
C:\WINDOWS\System32\wgmgaqlm.dll -->2008-06-26 16:39:05
C:\WINDOWS\System32\bnjxdoic.dll -->2008-06-26 16:36:49
C:\WINDOWS\System32\2b83dc2a-.txt -->2008-06-26 16:36:17
C:\WINDOWS\System32\mcrh.tmp -->2008-06-26 15:05:25
C:\WINDOWS\System32\wglpsjrp.ini -->2008-06-26 11:47:23
C:\WINDOWS\System32\hshyercg.dll -->2008-06-26 11:47:03
C:\WINDOWS\System32\lbixvkxy.dll -->2008-06-26 11:45:09
C:\WINDOWS\System32\tmp.txt -->2008-06-26 09:20:24
C:\WINDOWS\System32\tmp.reg -->2008-06-26 09:20:24
C:\WINDOWS\System32\lwockxsw.dll -->2008-06-25 10:05:04
C:\WINDOWS\System32\khoxxvoj.dll -->2008-06-25 10:04:34
C:\WINDOWS\System32\ocqnnwbq.ini -->2008-06-25 10:03:14
C:\WINDOWS\System32\mapisvc.inf -->2008-06-24 22:01:03
C:\WINDOWS\System32\ksbpiqfi.dll -->2008-06-24 20:06:22
C:\WINDOWS\System32\FNTCACHE.DAT -->2008-06-22 10:23:33
C:\WINDOWS\System32\wpa.dbl -->2008-06-20 17:07:56
C:\WINDOWS\System32\CmdLineExt03.dll -->2008-06-19 17:00:21
C:\WINDOWS\System32\PerfStringBackup.INI -->2008-06-17 11:31:25
C:\WINDOWS\System32\perfh00C.dat -->2008-06-17 11:31:25
C:\WINDOWS\System32\perfh009.dat -->2008-06-17 11:31:25

C:\WINDOWS\WindowsUpdate.log -->2008-06-28 16:10:32
C:\WINDOWS\SchedLgU.Txt -->2008-06-28 16:00:00
C:\WINDOWS\0.log -->2008-06-28 15:44:51
C:\WINDOWS\QTFont.qfn -->2008-06-28 15:44:40
C:\WINDOWS\wiadebug.log -->2008-06-28 15:44:33
C:\WINDOWS\wiaservc.log -->2008-06-28 15:44:32
C:\WINDOWS\bootstat.dat -->2008-06-28 15:44:04
C:\WINDOWS\ntbtlog.txt -->2008-06-28 15:42:24
C:\WINDOWS\pskt.ini -->2008-06-28 12:34:02
C:\WINDOWS\BM23932bc8.xml -->2008-06-27 15:51:42
C:\WINDOWS\setupapi.log -->2008-06-27 10:36:54
C:\WINDOWS\BM23932bc8.txt -->2008-06-26 16:41:14
C:\WINDOWS\MAPPER.INI -->2008-06-26 16:12:50
C:\WINDOWS\setupact.log -->2008-06-26 09:23:26
C:\WINDOWS\FaxSetup.log -->2008-06-25 11:30:39

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1996
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll
0x00440000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll
0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x01f00000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x67320000 0x2f000 2005.01.0000.0163 C:\PROGRA~1\FICHIE~1\SYMANT~1\ANTISPAM\asOEHook.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x00e30000 0x17000 9.05.0000.1098 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x10000000 0x6000 6.03.0002.0116 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x6af30000 0x3d000 103.00.0009.0002 c:\Program Files\Fichiers communs\Symantec Shared\ccL30.dll
0x05e10000 0x39000 C:\WINDOWS\system32\dksoux.dll
0x61310000 0x54000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
0x60e20000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.4\program\stlport_vc7145.dll
0x064a0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x064f0000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x07f10000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01b70000 0x26000 3.00.0000.4332 C:\WINDOWS\system32\igfxpph.dll
0x00c20000 0x13000 3.00.0000.4332 C:\WINDOWS\system32\hccutils.DLL
0x02f20000 0x24000 3.00.0000.4332 C:\WINDOWS\system32\igfxres.dll
0x06ce0000 0x16f000 3.00.0000.4332 C:\WINDOWS\system32\igfxress.dll
0x00e00000 0xe000 3.00.0000.4332 C:\WINDOWS\system32\igfxsrvc.dll
0x01110000 0x10000 1.00.0000.0001 C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x030c0000 0x35000 11.00.0009.0016 c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL
0x03170000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x06e50000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x034a0000 0x3c000 4.00.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x016a0000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL
0x36d30000 0x1a000 11.00.6551.0000 C:\PROGRA~1\MICROS~4\OFFICE11\MCPS.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 644
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL


Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 20A0-18FB

Répertoire de C:\WINDOWS\system

1998-05-07 12:04 52 736 hpsysdrv.exe
1 fichier(s) 52 736 octets
0 Rép(s) 132 992 065 536 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 20A0-18FB

Répertoire de C:\WINDOWS\system32

2004-08-10 14:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 132 992 065 536 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 20A0-18FB

Répertoire de C:\WINDOWS\Downloaded Program Files

2008-06-17 13:54 <REP> .
2008-06-17 13:54 <REP> ..
2004-12-01 21:38 65 desktop.ini
2008-06-04 19:36 218 DivXPlugin.inf
2002-07-25 19:13 24 576 dwusplay.dll
2002-07-25 19:13 196 608 dwusplay.exe
2007-04-11 14:55 1 292 erma.inf
2007-05-23 10:57 2 595 888 ImageUploader4.ocx
2005-02-16 16:15 401 408 isusweb.dll
2006-06-20 15:44 379 704 MsnPUpld.dll
2006-06-19 14:40 393 MsnPUpld.inf
2007-07-30 19:24 295 muweb.inf
2007-05-10 15:50 334 piczo_fast_uploader.inf
2006-06-20 15:44 117 560 PURen-us.dll
2007-01-09 08:30 110 592 PURfr-ca.dll
2008-03-19 18:36 144 swdir.inf
14 fichier(s) 3 829 077 octets

Total des fichiers listés :
14 fichier(s) 3 829 077 octets
2 Rép(s) 132 991 803 392 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Services en ligne\\AOL\\waol.exe"="C:\\Program Files\\Services en ligne\\AOL\\waol.exe:*:Enabled:AOL Canada"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"="C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate"
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"="C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server"
"C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win48.exe"="C:\\DOCUME~1\\HP_ADM~1\\LOCALS~1\\Temp\\win48.exe:*:Enabled:win48"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:11:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000196

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
136 - iTunesHelper.ex
516 - LVCOMSX.EXE
620 - csrss.exe
644 - winlogon.exe
688 - services.exe
700 - lsass.exe
852 - svchost.exe
908 - svchost.exe
972 - svchost.exe
1016 - svchost.exe
1068 - AppleMobileDevi
1104 - dllhost.exe
1148 - svchost.exe
1172 - iPodService.exe
1260 - ccProxy.exe
1312 - SNDSrvc.exe
1392 - CCEVTMGR.EXE
1628 - iexplore.exe
1688 - CCAPP.EXE
1808 - LVPrcSrv.exe
1852 - GoogleToolbarNo
1884 - ctfmon.exe
1916 - btdna.exe
1996 - explorer.exe
2108 - LogitechDesktop
2200 - MDM.EXE
2292 - svchost.exe
2340 - hpqtra08.exe
2408 - svchost.exe
2492 - Updates from HP
2528 - issch.exe
2636 - mcrdsvc.exe
2760 - symwsc.exe
3064 - hpqste08.exe
3324 - cmd.exe
3372 - alg.exe

Total number of processes = 37
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7A88000 - \WINDOWS\system32\KDCOM.DLL
F7998000 - \WINDOWS\system32\BOOTVID.dll
F7389000 - spij.sys
F7A8A000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F7371000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7342000 - ACPI.sys
F7331000 - pci.sys
F7588000 - ohci1394.sys
F7598000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F75A8000 - isapnp.sys
F7B50000 - pciide.sys
F7808000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7A8C000 - viaide.sys
F7A8E000 - intelide.sys
F75B8000 - MountMgr.sys
F7312000 - ftdisk.sys
F7A90000 - dmload.sys
F72EC000 - dmio.sys
F7810000 - PartMgr.sys
F75C8000 - VolSnap.sys
F72D4000 - atapi.sys
F75D8000 - disk.sys
F75E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F72B4000 - fltMgr.sys
F72A2000 - sr.sys
F7818000 - PxHelp20.sys
F728B000 - KSecDD.sys
F71FE000 - Ntfs.sys
F71D1000 - NDIS.sys
F71BE000 - sfvfs02.sys
F7820000 - sfhlp02.sys
F71AC000 - sfdrv01.sys
F7191000 - Mup.sys
F75F8000 - gagp30kx.sys
F77C8000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6AE4000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
F6AD0000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F6AAB000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F78E0000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6A88000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F78E8000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77D8000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6A75000 - \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
F6993000 - \SystemRoot\system32\DRIVERS\smserial.sys
F78F0000 - \SystemRoot\System32\Drivers\Modem.SYS
F697F000 - \SystemRoot\system32\DRIVERS\parport.sys
F77E8000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7A70000 - \SystemRoot\system32\DRIVERS\PS2.sys
F78F8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7900000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F77F8000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7648000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7658000 - \SystemRoot\system32\DRIVERS\redbook.sys
F695C000 - \SystemRoot\system32\DRIVERS\ks.sys
F7A74000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
F7CD3000 - \SystemRoot\system32\DRIVERS\audstub.sys
F76B8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7A80000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6945000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F76C8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F76D8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7910000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6894000 - \SystemRoot\system32\DRIVERS\psched.sys
F76E8000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7918000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7920000 - \SystemRoot\system32\DRIVERS\raspti.sys
F6863000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7708000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7AD6000 - \SystemRoot\system32\DRIVERS\swenum.sys
F680A000 - \SystemRoot\system32\DRIVERS\update.sys
F715D000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7718000 - \SystemRoot\System32\Drivers\NDProxy.SYS
AACA1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
AAC7F000 - \SystemRoot\system32\drivers\portcls.sys
F7748000 - \SystemRoot\system32\drivers\drmk.sys
F7758000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7AE2000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7A38000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F7AE6000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7CAA000 - \SystemRoot\System32\Drivers\Null.SYS
F7AE8000 - \SystemRoot\System32\Drivers\Beep.SYS
F7930000 - \SystemRoot\System32\drivers\vga.sys
F7AEA000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AEC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7938000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7940000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7A44000 - \SystemRoot\system32\DRIVERS\rasacd.sys
AAC24000 - \SystemRoot\system32\DRIVERS\ipsec.sys
AABCC000 - \SystemRoot\system32\DRIVERS\tcpip.sys
AAB8C000 - \SystemRoot\System32\Drivers\SYMTDI.SYS
AAB6F000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
F7A50000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS
F7AEE000 - \SystemRoot\System32\Drivers\SYMDNS.SYS
F7788000 - \SystemRoot\System32\Drivers\SYMNDIS.SYS
AAB1E000 - \SystemRoot\System32\Drivers\SYMFW.SYS
F7948000 - \SystemRoot\System32\Drivers\SYMIDS.SYS
AAAE0000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20080312.001\symidsco.sys
AAAB8000 - \SystemRoot\system32\DRIVERS\netbt.sys
AAA96000 - \SystemRoot\System32\drivers\afd.sys
F7798000 - \SystemRoot\system32\DRIVERS\netbios.sys
F7950000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
AA9A4000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
F77B8000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
AA979000 - \SystemRoot\system32\DRIVERS\rdbss.sys
AA8E2000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F7668000 - \SystemRoot\System32\Drivers\Fips.SYS
AA8C1000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7678000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F7688000 - \SystemRoot\system32\DRIVERS\arp1394.sys
AA8AE000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7AF2000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
AA88B000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F76A8000 - \SystemRoot\system32\drivers\lvusbsta.sys
AA5FA000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
F6935000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F6925000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F7968000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F7970000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F6915000 - \SystemRoot\system32\drivers\usbaudio.sys
AAC6F000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F6905000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F7978000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
AA5E2000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7AF6000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
AAB67000 - \SystemRoot\System32\drivers\Dxapi.sys
F7980000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7B57000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E3000 - \SystemRoot\System32\ialmdnt5.dll
BF9D5000 - \SystemRoot\System32\ialmrnt5.dll
BFA05000 - \SystemRoot\System32\ialmdev5.DLL
BFA36000 - \SystemRoot\System32\ialmdd5.DLL
AA4CA000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
A9E4D000 * --[Hidden]--
A9FEA000 - \SystemRoot\system32\drivers\sysaudio.sys
A99C7000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
A97F6000 - \SystemRoot\System32\Drivers\HTTP.sys
A977C000 - \SystemRoot\system32\DRIVERS\srv.sys
A9679000 - \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
A9154000 - \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
A907B000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080312.003\NavEx15.Sys
A9068000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080312.003\NAVENG.Sys
F7908000 - \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
A851F000 - \SystemRoot\system32\drivers\kmixer.sys
F7BFA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 149

Liste des programmes installes

1600
1600_Help
1600Trb
Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Reader 7.0 - Français
Adobe Shockwave Player
AiO_Scan
AiOSoftware
All To MP3 Converter 2.15
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Assistant de connexion Windows Live
Audacity 1.2.6
Avira AntiVir Personal – Free Antivirus
Berlin Subway
Blender (remove only)
BufferChm
Bus Driver 1.0
Bus Simulator 2008 Demo
BVE 4
CameraDrivers
CameraDrivers
CamStudio 2.0 Fr
Camtasia Studio 5
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
CEP - Color Enable Package
Chrono LMW 3 avec Protection par mot de passe
Clue
Connexion Facile à Internet
Connexion Facile à Internet
Correctif Lecteur Windows Media 10 [Voir KB889858 pour plus d'informations]
Correctif n° 2 pour Windows XP Édition Media Center 2005
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB888795)
Correctif pour Windows XP (KB891593)
Correctif pour Windows XP (KB899337)
Correctif pour Windows XP (KB899510)
Correctif pour Windows XP (KB902841)
Correctif pour Windows XP (KB914440)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB883667
Correctif Windows XP - KB885250
Correctif Windows XP - KB885354
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891220
Correctif Windows XP - KB891781
Correctif Windows XP - KB893066
Correctif Windows XP - KB895961
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
Destinations
DeviceManagementQFolder
DirectX Media Runtime 5.1
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
Dragon NaturallySpeaking 9
Encyclopédie Microsoft Encarta 2005
EVAG B80C 5103
Fax
Firebird SQL Server - MAGIX Edition
Fly The Airbus A380 v2 for FS2004
GameSpy Arcade
GemMaster Mystic
GIMP 2.4.5
Google Toolbar for Internet Explorer
High Definition Audio - KB888111
HijackThis 2.0.2
Hotel Solitaire
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Appareils photos Photosmart 5.0
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HPProductAssistant
HpSdpAppCoreApp
Installer
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD Player
InterVideo WinDVD Player
IsoBuster 2.3
iTunes
J2SE Runtime Environment 5.0
Jasc Animation Shop 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
KompoZer 0.7.10 (supprimer uniquement)
Lecteur Windows Media 11
LeechFTP
Les Sims 2 : Nuits de Folie
Les Sims 2 Académie
Les Sims 2 : La bonne affaire
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 Au fil des saisons
LightScribe 1.4.31.1
LimeWire 4.18.2
LiveReg (Symantec Corporation)
Logiciel QuickCam de Logitech
Logitech Desktop Messenger
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 Un siècle d'aviation
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
28 June 2008 at 22:34
OK, here we go ;-)

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

=> /!\ Disconnect from the internet and close all your applications. /!\

=> /!\ Temporarily disable your protections (antivirus, firewall, antispyware), and only for as long as ComboFix is in use. /!\

=> Double-click ComboFix.

=> /!\ Do not touch anything until the scan has finished. Careful: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer. /!\

=> Wait until ComboFix has finished; a report will be created.

=> Re-enable your firewall, your antivirus and your antispyware's guard.

=> Copy/paste the report C:\ComboFix.txt

=> Re-enable the real-time protection of your antivirus and your antispyware programs before reconnecting to the internet.




0
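One way to triage the report requested above, as an added example that is not part of the thread and not ComboFix's own code: it parses lines in the layout of ComboFix's created-files section, flags DLLs written directly into system32 whose creation and modification times are identical, and ranks first any that the registry section loads as a Browser Helper Object. The sample lines, file names and CLSID are constructed, and the rule is a triage heuristic (a copied installer file normally keeps its older modification time), not a verdict.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample in the layout of ComboFix's created-files and registry
# load-point sections. File names and the CLSID are invented for this example.
SAMPLE_REPORT = r"""
2008-06-27 16:54 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\examplescan.sys
2008-06-27 13:02 . 2008-06-27 13:02 104,448 --a------ C:\WINDOWS\system32\plmkwjhd.dll
2008-06-27 13:00 . 2008-06-27 13:00 94,720 --a------ C:\WINDOWS\system32\qzxvbnrt.dll
2008-06-26 22:18 . 2008-06-26 22:46 <REP> d-------- C:\Program Files\Example Game
2008-06-20 17:33 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\examplecodec.dll
2008-06-25 10:32 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\exampledrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
2008-06-27 13:00 94720 --a------ C:\WINDOWS\system32\qzxvbnrt.dll
"""

TS_FORMAT = "%Y-%m-%d %H:%M"

# "<created> . <modified> <size or <REP>> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<REP>|[\d,]+)\s+(\S+)\s+(.+)$"
)
# "[HKEY_...\Browser Helper Objects\{CLSID}]" followed by the DLL it loads
BHO_HEADER_RE = re.compile(
    r"^\[HKEY_[^\]]*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$"
)
BHO_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")


def parse_created(report):
    """Return one dict per created-files line (files and directories)."""
    entries = []
    for line in report.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, _attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, TS_FORMAT),
            "modified": datetime.strptime(modified, TS_FORMAT),
            # Directories are listed with <REP> instead of a size.
            "size": None if size == "<REP>" else int(size.replace(",", "")),
            "path": PureWindowsPath(path.strip()),
        })
    return entries


def parse_bho_paths(report):
    """Map lower-cased DLL path -> CLSID for each Browser Helper Object."""
    bho, pending = {}, None
    for line in report.splitlines():
        line = line.strip()
        header = BHO_HEADER_RE.match(line)
        if header:
            pending = header.group(1)
            continue
        if pending and line:
            m = BHO_FILE_RE.match(line)
            if m:
                bho[m.group(1).strip().lower()] = pending
            pending = None
    return bho


def triage(report):
    """Flag DLLs dropped directly into system32 with created == modified."""
    bho = parse_bho_paths(report)
    findings = []
    for entry in parse_created(report):
        path = entry["path"]
        if entry["size"] is None or path.suffix.lower() != ".dll":
            continue  # directories and non-DLL files are out of scope here
        if path.parent.name.lower() != "system32":
            continue  # skip subfolders such as drivers or dllcache
        if entry["created"] != entry["modified"]:
            continue  # older modification time: typical of installer copies
        findings.append({
            "path": str(path),
            "size": entry["size"],
            "bho_clsid": bho.get(str(path).lower()),
        })
    # DLLs that the browser loads as a BHO are reviewed first.
    findings.sort(key=lambda f: f["bho_clsid"] is None)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        tag = "BHO " + f["bho_clsid"] if f["bho_clsid"] else "no load point seen"
        print(f'{f["path"]}  {f["size"]} bytes  [{tag}]')
```

Flagged files are candidates for a closer look (signature, vendor, hash lookup) before anything is deleted.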
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last activity 4 October 2010 4
28 June 2008 at 22:58
Here is the ComboFix report:

ComboFix 08-06-20.4 - HP_Administrateur 2008-06-28 16:43:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.524 [GMT -4:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM23932bc8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AudPlaye.dll
C:\WINDOWS\system32\ckdpedkt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ocqnnwbq.ini
C:\WINDOWS\system32\wglpsjrp.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.

2008-06-28 16:12 . 2008-06-28 16:12 1,024,903 --a------ C:\upload_moi_NOM-5A733FE684E.tar.gz
2008-06-27 17:51 . 2008-06-27 17:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-27 16:59 . 2008-06-27 16:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-27 16:54 . 2008-06-27 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 16:54 . 2008-06-27 16:54 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-06-27 16:54 . 2008-06-27 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 16:54 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 16:54 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-27 16:53 . 2008-06-27 03:54 <REP> d-------- C:\SDFix
2008-06-27 13:02 . 2008-06-27 13:02 104,448 --a------ C:\WINDOWS\system32\extbcgow.dll
2008-06-27 13:02 . 2008-06-27 13:02 104,448 --a------ C:\WINDOWS\system32\dksoux.dll
2008-06-27 13:00 . 2008-06-27 13:00 94,720 --a------ C:\WINDOWS\system32\aclsqhlw.dll
2008-06-26 22:18 . 2008-06-26 22:46 <REP> d-------- C:\Program Files\Hotel Solitaire
2008-06-26 22:11 . 2008-06-26 22:18 <REP> d-------- C:\Program Files\UberSoldier Demo
2008-06-26 16:39 . 2008-06-26 16:39 107,008 --a------ C:\WINDOWS\system32\wgmgaqlm.dll
2008-06-26 16:36 . 2008-06-26 16:36 95,232 --a------ C:\WINDOWS\system32\bnjxdoic.dll
2008-06-26 11:47 . 2008-06-26 11:47 107,008 --a------ C:\WINDOWS\system32\hshyercg.dll
2008-06-26 11:45 . 2008-06-26 11:45 95,232 --a------ C:\WINDOWS\system32\lbixvkxy.dll
2008-06-26 09:13 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-26 09:13 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-26 09:13 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-26 09:13 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-26 09:13 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-26 09:13 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-26 09:13 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-26 09:13 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-25 10:32 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-06-25 10:05 . 2008-06-25 10:05 107,520 --a------ C:\WINDOWS\system32\lwockxsw.dll
2008-06-25 10:04 . 2008-06-25 10:04 95,232 --a------ C:\WINDOWS\system32\khoxxvoj.dll
2008-06-24 22:03 . 2008-06-24 22:03 <REP> d-------- C:\Program Files\Avira
2008-06-24 22:03 . 2008-06-25 10:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-24 20:06 . 2008-06-24 20:06 101,888 --a------ C:\WINDOWS\system32\ksbpiqfi.dll
2008-06-22 14:15 . 2008-06-22 14:15 <REP> d-------- C:\Program Files\Abacus
2008-06-21 13:04 . 2008-06-21 13:04 0 --a------ C:\WINDOWS\MusicEditor.INI
2008-06-20 17:33 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-20 17:33 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-06-17 13:54 . 2008-06-17 13:54 <REP> d-------- C:\Program Files\DivX
2008-06-17 12:57 . 2008-06-17 13:11 <REP> d-------- C:\Program Files\RapidCheck
2008-06-17 11:32 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-17 11:32 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-17 11:32 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-16 16:59 . 2008-06-16 16:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-16 14:32 . 2008-06-16 14:32 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-15 16:12 . 2008-06-15 18:00 <REP> d-------- C:\Halo CE Portable Edition By Am3n
2008-06-15 15:38 . 2008-06-21 13:07 <REP> d-------- C:\Program Files\HHHT
2008-06-14 16:11 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-14 16:11 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-13 17:35 . 2008-06-13 17:35 <REP> d-------- C:\Program Files\LimeWire
2008-06-11 16:11 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:11 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 17:17 . 2008-06-07 18:41 <REP> d-------- C:\Program Files\EA GAMES
2008-06-07 17:17 . 2005-09-28 00:11 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-07 10:22 . 2008-06-07 10:23 <REP> d-------- C:\Program Files\BVE
2008-06-05 19:29 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-05 08:20 . 2008-06-05 08:20 <REP> d-------- C:\Documents and Settings\Jocelyne 3 sur 5\Application Data\Search Settings
2008-06-04 16:05 . 2008-06-04 16:05 <REP> d-------- C:\Program Files\Search Settings
2008-06-04 16:05 . 2008-06-04 16:05 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings
2008-06-04 16:04 . 1998-06-24 02:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-06-04 16:03 . 2008-06-04 16:09 <REP> d-------- C:\Program Files\Free Audio Pack
2008-06-03 19:55 . 2008-06-03 19:55 <REP> d-------- C:\Program Files\Pixoria
2008-06-03 19:41 . 2008-06-03 19:54 <REP> d-------- C:\Program Files\Yahoo!
2008-05-29 19:56 . 2008-05-29 19:56 <REP> d-------- C:\Program Files\Windows XP Fun Pack
2008-05-29 18:39 . 2008-05-29 18:39 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Jasc
2008-05-29 18:35 . 2008-05-29 18:35 <REP> d-------- C:\Program Files\Jasc Software Inc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 20:45 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\DNA
2008-06-27 22:45 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-06-26 17:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-25 14:52 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-06-25 02:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Symantec
2008-06-23 18:43 8,666 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-06-22 22:40 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-06-21 20:33 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-21 20:32 --------- d-----w C:\Program Files\Microsoft Games
2008-06-21 17:07 --------- d-----w C:\Program Files\MAGIX
2008-06-21 17:05 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\MAGIX
2008-06-21 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-06-20 21:31 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
2008-06-20 17:46 --------- d-----w C:\Program Files\Clue
2008-06-20 16:39 2,954 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-06-13 21:45 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-05-23 21:52 64,194 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-23 21:52 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-19 19:17 --------- d-----w C:\Program Files\Blender Foundation
2008-05-18 21:49 --------- d-----w C:\Program Files\Enigma Software Group
2008-05-18 19:51 --------- d-----w C:\Program Files\CCleaner
2008-05-15 22:25 --------- d-----w C:\Program Files\mackoy
2008-05-12 23:16 --------- d-----w C:\Program Files\Super_Adventure_Island
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:07 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-08 00:07 --------- d-----w C:\Program Files\Java
2008-05-07 23:55 --------- d-----w C:\Program Files\Coffee Tycoon
2008-05-06 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Uniblue
2008-05-05 21:42 71,561 ----a-w C:\WINDOWS\unins000.exe
2008-05-04 18:30 --------- d-----w C:\Program Files\BoontyGames
2008-05-04 18:30 --------- d-----w C:\Program Files\Boonty
2008-05-04 18:06 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-02 23:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-04-28 21:36 1,146,906 ----a-w C:\WINDOWS\SCTUninstaller.exe
2008-04-28 21:35 --------- d-----w C:\Program Files\Deep Silver
2008-04-13 23:48 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-13 23:48 253,952 ------w C:\WINDOWS\Setup1.exe
.

------- Sigcheck -------

2007-06-13 09:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 09:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 09:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7774a9d7-9ed2-492e-914e-578dbf6d3447}]
2008-06-27 13:02 104448 --a------ C:\WINDOWS\system32\dksoux.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 22:33 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 19:31 289088]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-18 12:11 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 13:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 14:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 16:34 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 20:50 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-12 18:20 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 00:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 16:29 58984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-02-21 16:29 58984 c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:34 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-18 12:11 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 10:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 10:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
--a------ 2008-04-16 17:56 985440 C:\Program Files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-01-24 05:56 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-03-13 17:02 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VundoFixSvc"=3 (0x3)
"Boonty Games"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef40be-0f4c-11da-bf9b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 00:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 20:50:10 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:48:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1098 bytes hidden from API

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\symwsc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-28 16:54:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 20:54:09

Pre-Run: 132,893,192,192 octets libres
Post-Run: 133,338,722,304 octets libres

299 --- E O F --- 2008-06-24 17:09:07
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
28 June 2008 at 23:18
Select this:

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7774a9d7-9ed2-492e-914e-578dbf6d3447}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]


File::
C:\WINDOWS\system32\extbcgow.dll
C:\WINDOWS\system32\dksoux.dll
C:\WINDOWS\system32\aclsqhlw.dll
C:\WINDOWS\system32\wgmgaqlm.dll
C:\WINDOWS\system32\bnjxdoic.dll
C:\WINDOWS\system32\hshyercg.dll
C:\WINDOWS\system32\lwockxsw.dll
C:\WINDOWS\system32\khoxxvoj.dll
C:\WINDOWS\system32\ksbpiqfi.dll






* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap (Retour à la ligne) is not checked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file, like this:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

See you
0
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last activity 4 October 2010 4
28 June 2008 at 23:40
Here is the report:

ComboFix 08-06-20.4 - HP_Administrateur 2008-06-28 17:27:32.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.535 [GMT -4:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\aclsqhlw.dll
C:\WINDOWS\system32\bnjxdoic.dll
C:\WINDOWS\system32\dksoux.dll
C:\WINDOWS\system32\extbcgow.dll
C:\WINDOWS\system32\hshyercg.dll
C:\WINDOWS\system32\khoxxvoj.dll
C:\WINDOWS\system32\ksbpiqfi.dll
C:\WINDOWS\system32\lwockxsw.dll
C:\WINDOWS\system32\wgmgaqlm.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Sysdo.dll
C:\WINDOWS\system32\aclsqhlw.dll
C:\WINDOWS\system32\bnjxdoic.dll
C:\WINDOWS\system32\dksoux.dll
C:\WINDOWS\system32\extbcgow.dll
C:\WINDOWS\system32\hshyercg.dll
C:\WINDOWS\system32\khoxxvoj.dll
C:\WINDOWS\system32\ksbpiqfi.dll
C:\WINDOWS\system32\lwockxsw.dll
C:\WINDOWS\system32\wgmgaqlm.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.

2008-06-28 16:12 . 2008-06-28 16:12 1,024,903 --a------ C:\upload_moi_NOM-5A733FE684E.tar.gz
2008-06-27 17:51 . 2008-06-27 17:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-27 16:59 . 2008-06-27 16:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-27 16:54 . 2008-06-27 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 16:54 . 2008-06-27 16:54 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-06-27 16:54 . 2008-06-27 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 16:54 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 16:54 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-27 16:53 . 2008-06-27 03:54 <REP> d-------- C:\SDFix
2008-06-26 22:18 . 2008-06-26 22:46 <REP> d-------- C:\Program Files\Hotel Solitaire
2008-06-26 22:11 . 2008-06-26 22:18 <REP> d-------- C:\Program Files\UberSoldier Demo
2008-06-26 11:45 . 2008-06-26 11:45 95,232 --a------ C:\WINDOWS\system32\lbixvkxy.dll
2008-06-26 09:13 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-26 09:13 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-26 09:13 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-26 09:13 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-26 09:13 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-26 09:13 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-26 09:13 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-26 09:13 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-25 10:32 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-06-24 22:03 . 2008-06-24 22:03 <REP> d-------- C:\Program Files\Avira
2008-06-24 22:03 . 2008-06-25 10:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-22 14:15 . 2008-06-22 14:15 <REP> d-------- C:\Program Files\Abacus
2008-06-21 13:04 . 2008-06-21 13:04 0 --a------ C:\WINDOWS\MusicEditor.INI
2008-06-20 17:33 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-20 17:33 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-06-17 13:54 . 2008-06-17 13:54 <REP> d-------- C:\Program Files\DivX
2008-06-17 12:57 . 2008-06-17 13:11 <REP> d-------- C:\Program Files\RapidCheck
2008-06-17 11:32 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-17 11:32 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-17 11:32 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-17 11:32 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-16 16:59 . 2008-06-16 16:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-16 14:32 . 2008-06-16 14:32 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-15 16:12 . 2008-06-15 18:00 <REP> d-------- C:\Halo CE Portable Edition By Am3n
2008-06-15 15:38 . 2008-06-21 13:07 <REP> d-------- C:\Program Files\HHHT
2008-06-14 16:11 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-14 16:11 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-13 17:35 . 2008-06-13 17:35 <REP> d-------- C:\Program Files\LimeWire
2008-06-11 16:11 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:11 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 17:17 . 2008-06-07 18:41 <REP> d-------- C:\Program Files\EA GAMES
2008-06-07 17:17 . 2005-09-28 00:11 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-07 10:22 . 2008-06-07 10:23 <REP> d-------- C:\Program Files\BVE
2008-06-05 19:29 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-05 08:20 . 2008-06-05 08:20 <REP> d-------- C:\Documents and Settings\Jocelyne 3 sur 5\Application Data\Search Settings
2008-06-04 16:05 . 2008-06-04 16:05 <REP> d-------- C:\Program Files\Search Settings
2008-06-04 16:05 . 2008-06-04 16:05 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings
2008-06-04 16:04 . 1998-06-24 02:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-06-04 16:03 . 2008-06-04 16:09 <REP> d-------- C:\Program Files\Free Audio Pack
2008-06-03 19:55 . 2008-06-03 19:55 <REP> d-------- C:\Program Files\Pixoria
2008-06-03 19:41 . 2008-06-03 19:54 <REP> d-------- C:\Program Files\Yahoo!
2008-05-29 19:56 . 2008-05-29 19:56 <REP> d-------- C:\Program Files\Windows XP Fun Pack
2008-05-29 18:39 . 2008-05-29 18:39 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Jasc
2008-05-29 18:35 . 2008-05-29 18:35 <REP> d-------- C:\Program Files\Jasc Software Inc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 21:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-28 21:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\DNA
2008-06-28 21:10 --------- d-----w C:\Program Files\Google
2008-06-27 22:45 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-06-26 13:20 4,514 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-25 14:52 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-06-25 02:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Symantec
2008-06-23 18:43 8,666 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-06-22 22:40 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-06-21 20:33 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-21 20:32 --------- d-----w C:\Program Files\Microsoft Games
2008-06-21 17:07 --------- d-----w C:\Program Files\MAGIX
2008-06-21 17:05 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\MAGIX
2008-06-21 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-06-20 21:31 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
2008-06-20 17:46 --------- d-----w C:\Program Files\Clue
2008-06-20 16:39 2,954 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-06-19 21:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-13 21:45 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-05-23 21:52 64,194 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-23 21:52 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-23 21:52 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-23 21:52 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-19 19:17 --------- d-----w C:\Program Files\Blender Foundation
2008-05-18 21:49 --------- d-----w C:\Program Files\Enigma Software Group
2008-05-18 21:26 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-18 19:51 --------- d-----w C:\Program Files\CCleaner
2008-05-15 22:25 --------- d-----w C:\Program Files\mackoy
2008-05-12 23:16 --------- d-----w C:\Program Files\Super_Adventure_Island
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 00:07 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-08 00:07 --------- d-----w C:\Program Files\Java
2008-05-07 23:55 --------- d-----w C:\Program Files\Coffee Tycoon
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Uniblue
2008-05-05 21:42 71,561 ----a-w C:\WINDOWS\unins000.exe
2008-05-04 23:57 202,240 ----a-w C:\WINDOWS\system32\Sprunk.scr
2008-05-04 18:30 --------- d-----w C:\Program Files\BoontyGames
2008-05-04 18:30 --------- d-----w C:\Program Files\Boonty
2008-05-04 18:06 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-02 23:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-04-28 21:36 1,146,906 ----a-w C:\WINDOWS\SCTUninstaller.exe
2008-04-28 21:35 --------- d-----w C:\Program Files\Deep Silver
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-13 23:48 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-13 23:48 253,952 ------w C:\WINDOWS\Setup1.exe
.

------- Sigcheck -------

2007-06-13 09:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 09:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 09:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_16.53.53.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 18:17:49 28,672 ----a-r C:\WINDOWS\Installer\{C1726B2C-DBE0-4C15-9A53-206D93DEB866}\_4710204E8C28_4C25_B250_F3466E8388E9.exe
+ 2008-06-28 21:03:29 28,672 ----a-r C:\WINDOWS\Installer\{C1726B2C-DBE0-4C15-9A53-206D93DEB866}\_4710204E8C28_4C25_B250_F3466E8388E9.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 22:33 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 19:31 289088]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-18 12:11 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 13:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 14:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 16:34 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 20:50 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-12 18:20 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 00:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 16:29 58984]

C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-11 20:54:26 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-18 12:11:01 450560]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2008-03-12 18:37:49 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-02-21 16:29 58984 c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:34 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-18 12:11 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 10:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 10:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-01-24 05:56 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-03-13 17:02 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VundoFixSvc"=3 (0x3)
"Boonty Games"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-29 15:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef40be-0f4c-11da-bf9b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 00:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 21:35:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 17:37:31
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-28 17:39:09
ComboFix-quarantined-files.txt 2008-06-28 21:38:44
ComboFix2.txt 2008-06-28 20:54:15

Pre-Run: 133,270,671,360 octets libres
Post-Run: 133,261,152,256 octets libres

299 --- E O F --- 2008-06-24 17:09:07
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
29 June 2008 at 00:09
Run an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

The scan must be run in Internet Explorer

A tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Then a new HijackThis report, please
See you
0
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last activity 4 October 2010 4
29 June 2008 at 02:50
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:52, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: bw+0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1F1D25DD-1F3F-4D17-B80C-3DA6EA92E34C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
29 June 2008 at 19:33
Hello

How is your PC behaving?
0
Gingin_89 Posts 33 Registration date Thursday 26 June 2008 Status Member Last activity 4 October 2010 4
29 June 2008 at 23:34
Well, I think that with all these steps, my PC is working properly again. No more windows, no more slowdowns. Thank you very much.
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
29 June 2008 at 23:40
OK, wait a couple of days and if everything is fine, follow the steps below ;-)

Close all running applications, then download ToolsCleaner2 to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

If you have no more problems

You can remove all the software we used
Go to Add/Remove Programs and to Program Files
to check

Then do this (IMPORTANT)

* Turning it off:
Right-click "My Computer" > Properties > "System Restore" tab > check the box "Turn off System Restore on all drives"
> Apply, wait until it shows "Turned off", then OK.

* Turning it back on:
Follow the same path; uncheck the box "Turn off System Restore on all drives"
> Apply, wait until it shows "Monitoring" again, then OK. Restart the computer.



Also remember to install your updates regularly

Windows Update: ==> here => http://www.update.microsoft.com/windowsupdate/v6/default.aspx
Java: ==> here => https://www.java.com/fr/download/

These updates are very important for the security of your PC.

Install only one firewall!!
And of course only one antivirus

Don't forget to update your software regularly, before each scan.

* You can also use these security programs

Malwarebytes => It is a free anti-malware tool available in French; once it is installed, you will need to run it periodically to check your PC.
A tutorial for downloading and installing it => here => http://www.swl1f.net/viewtopic.php?f=14&t=68

Spyware Terminator => It is a free anti-spyware tool available in French. It works automatically thanks to its resident module, and you can schedule it to run a daily scan.
A tutorial for downloading and installing it => here => http://www.swl1f.net/viewtopic.php?f=14&t=66

* Next, some advice
Your PC can get infected in various ways; here, in a few lines, are several things to avoid. ==> here => http://www.swl1f.net/viewtopic.php?f=14&t=67

* The browser

Try the Firefox browser, safer/more secure than IE
Firefox does not use the dangerous ActiveX protocol
* Download: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
* Tutorial for securing it: ==> here => https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/



Important
Browsing the Internet with administrator rights makes you vulnerable, so you should use an account other than the administrator account

* To give your PC a bit of its youth back
* Remember to run a quick defragmentation.
* Use CCleaner regularly.
* Manage your services using these 2 links
==> here => http://speedweb1.free.fr/frames2.php?page=service3 and ==> here => http://speedweb1.free.fr/frames2.php?page=service4
* Use Zeb Utility
an application that requires no installation, to optimize your PC a little. (Thanks to our friend Zebulon)
Download: ==> here ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tutorial: ==> here => https://www.zebulon.fr/dossiers/autres/58-zebutility.html

And finally

Report your infection to help get its authors convicted.

Post a message on Malware-Complaints to help move things forward; we need to be as many as possible, so report your infection

- See the forum rules: ==> here => https://malwarecomplaints.info/
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You then get a list with one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).

* malwarecomplaints => https://malwarecomplaints.info/

If the malware you had does not appear in the list, or if you don't know what you were infected with, post a message in the Other infections topic,
in line with the forum rules (age, city, département, etc.)

Also give the name of the forum that helped you: CCM

* Tutorial => http://www.malekal.com/malwarecomplaints.html

See you
0