Spywares tenaces!!

samirou2103 -
chimay8 Messages postés 7947 Statut Contributeur sécurité - 1 mai 2009 à 13:32

Bonjour,

mon ordi est victime d'un spyware et malgré l'utilisation de spybot celui-ci est encore présent.
la seule residuelle est un fond d'écran NOIR avec une inscription WARNING.
j'aurais donc besoin de votre aidre pour résoudre définitivement le probleme.
j'ai fais un rapport avec hiJackThis, le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:39, on 27/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\nd3a1c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\system32\yonugese.dll,C:\WINDOWS\system32\gunowini.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)

Afficher la suite

47 réponses

Réponse 21 / 47

kduc Messages postés 1537 Statut Membre 133

Salut à vous deux

De passage ...

Sans compter qu' il reste des choses pas vraiment utiles comme Vundo (restes), SweetIm!, Boonty et Norton/Symantec ...

Réponse 22 / 47

samirou2103

ok, voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:50, on 28/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Réponse 23 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

mm! toujours là
fais ceci
clic sur démarrer
clic sur executer
copie/colle la ligne ci-dessous

"%userprofile%\Bureau\combofix.exe" /v ssqNGXQJ

combofix va retravailler,des que terminé,poste le rapport

ensuite

Télécharge OTMoveIt3( de Old Timer )
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Une fois téléchargé double-clique sur OTMoveIt3.exe pour le lancer.
Assure toi que la case "Unregister Dll's and Ocx's" est cochée
Copie les lignes(qui sont en gras) qui se trouvent ci-dessous :

:Processes
explorer.exe
:Files
c:\documents and settings\sam\application data\pidle\pidle.exe
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"pidle"=-
:Commands
[emptytemp]
[Reboot]

et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
Clique sur "MoveIt!" pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
-Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître, dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi sur l'onglet "Processus". Clique en haut à gauche sur "Fichiers" et choisis "Exécuter"
Tape "explorer.exe"(sans les guillemèts) et valide. Cela fera réapparaître le Bureau.

*************************************

poste avec un nouveau rapport hijack stp

Réponse 24 / 47

samirou2103

voici le rapport Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:55, on 28/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

j'ai pas les autres rapport!!

Réponse 26 / 47

samirou2103

désolée mon pc a du redemarré avant que je ne puisse sauvegarder quoi que se soit.
donc voici le rapport avec combofix

ComboFix 09-04-25.A3 - sam 28/04/2009 18:53.7 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1534.1106 [GMT 2:00]
Lancé depuis: c:\documents and settings\sam\Bureau\combofix.exe
Commutateurs utilisés :: /v ssqNGXQJ
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-4-28 ))))))))))))))))))))))))))))))))))))
.

2009-04-28 16:15 . 2009-04-28 16:15 -------- d-----w C:\_OTMoveIt
2009-04-27 19:50 . 2009-04-27 19:50 -------- d-----w C:\Lop SD
2009-04-27 17:16 . 2009-04-27 17:16 -------- d-----w C:\ToolBar SD
2009-04-27 12:35 . 2009-04-27 12:36 4096 ----a-w c:\windows\system32\winglsetup.exe
2009-04-27 11:44 . 2009-04-27 11:44 24064 ----a-w c:\windows\system32\loader266.exe
2009-04-26 20:44 . 2009-04-26 20:44 -------- d-----w c:\documents and settings\sam\Application Data\pidle
2009-04-15 16:59 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:59 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:59 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:58 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 16:58 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 04:23 . 2009-04-13 04:23 -------- d-sh--w C:\FOUND.073
2009-04-13 03:53 . 2009-04-13 03:53 -------- d-sh--w C:\FOUND.072
2009-04-07 08:00 . 2009-04-07 08:00 -------- d-sh--w C:\FOUND.071
2009-03-31 18:51 . 2009-03-31 18:51 -------- d-sh--w C:\FOUND.070
2009-03-31 18:27 . 2009-03-31 18:27 -------- d-sh--w C:\FOUND.069
2009-03-30 10:04 . 2009-03-30 10:04 -------- d-sh--w C:\FOUND.068

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 09:23 . 2009-04-27 19:51 16925 ----a-w C:\lopR.txt
2009-04-28 08:28 . 2009-04-27 17:16 2203 ----a-w C:\TB.txt
2009-04-27 13:34 . 2009-04-27 12:44 1258 ----a-w C:\rapport.txt
2009-04-27 10:30 . 2009-01-27 10:30 79872 --sha-w C:\ARKA.tmp
2009-04-27 10:30 . 2009-01-27 10:30 87552 --sha-w C:\ARKB.tmp
2009-04-22 10:27 . 2005-01-23 10:37 78148 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 10:27 . 2005-01-23 10:37 476284 ----a-w c:\windows\system32\perfh00C.dat
2009-03-24 19:20 . 2006-06-25 15:49 51800 ----a-w c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:12 . 2009-03-24 19:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 19:11 . 2009-03-24 19:11 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Microsoft
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 19:02 . 2009-03-24 19:02 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-21 14:20 . 2004-08-05 04:00 1051136 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 08:42 . 2009-03-20 08:42 -------- d-----w c:\documents and settings\sam\Application Data\Mumble
2009-03-20 08:39 . 2009-03-20 08:39 -------- d-----w c:\program files\Mumble
2009-03-11 16:59 . 2008-05-09 10:24 268 ---ha-w C:\sqmdata03.sqm
2009-03-11 16:59 . 2008-05-09 10:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-06 14:46 . 2004-08-05 03:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:12 . 2008-09-10 21:00 3476 ----a-w c:\program files\mpc7.reg
2009-03-03 12:12 . 2008-09-10 21:00 680 ----a-w c:\program files\mpc2.reg
2009-03-03 12:12 . 2008-09-10 21:00 558 ----a-w c:\program files\mpc1.reg
2009-03-03 12:12 . 2008-09-10 21:00 3554 ----a-w c:\program files\ffdssetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 31570 ----a-w c:\program files\ffdsvsetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 3026 ----a-w c:\program files\mpc3.reg
2009-03-03 12:12 . 2008-09-10 21:00 18156 ----a-w c:\program files\mpc6.reg
2009-03-03 12:12 . 2008-09-10 21:00 16240 ----a-w c:\program files\mpc5.reg
2009-03-03 12:12 . 2008-09-10 21:00 1292 ----a-w c:\program files\ffdsasetts.reg
2009-03-03 00:13 . 2005-07-03 01:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:13 . 2005-07-03 01:16 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-28 04:54 . 2007-08-13 16:43 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-25 09:43 . 2008-05-08 22:35 268 ---ha-w C:\sqmdata02.sqm
2009-02-25 09:43 . 2008-05-08 22:35 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-24 17:19 . 2007-10-31 15:51 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-24 17:19 . 2007-10-31 15:51 232 ---ha-w C:\sqmdata01.sqm
2009-02-20 10:20 . 2007-12-16 17:00 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 16:39 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-05 03:00 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:50 . 2006-12-19 17:22 2017792 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:50 . 2006-12-19 17:22 2059776 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 11:50 . 2005-03-02 17:07 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2006-12-19 17:22 2182528 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:50 . 2006-12-19 17:22 2138112 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:50 . 2005-03-02 17:08 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-05 03:00 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:10 . 2009-02-03 20:10 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:10 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 14:18 . 2009-02-01 14:15 249856 ------w c:\windows\Setup1.exe
2009-02-01 14:18 . 2009-02-01 14:15 73216 ----a-w c:\windows\ST6UNST.EXE
2008-10-18 09:49 . 2006-12-10 12:14 51216 ----a-w c:\documents and settings\sam\Application Data\GDIPFONTCACHEV1.DAT
2008-09-10 21:00 . 2008-09-10 20:59 4688 ----a-w c:\program files\satsukidecodersettings.ini
2007-12-01 14:22 . 2007-12-01 14:22 126 ----a-w c:\documents and settings\sam\Local Settings\Application Data\fusioncache.dat
2007-11-01 17:57 . 2007-11-01 17:57 27140 ----a-w c:\documents and settings\sam\TB2Categories000.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-27_14.46.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 16:17 . 2009-04-28 16:17 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"pidle"="c:\documents and settings\sam\Application Data\pidle\pidle.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNGXQJ]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]aswBoot.exe /M:83c595e7a /A:* /L:English /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\reminder-Enregistrement du produit ScanSoft.lnk
backup=c:\windows\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1234:TCP"= 1234:TCP:mon port 1234

R2 gupdate1c9a431286796c0;Google Update Service (gupdate1c9a431286796c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-05-24 3712]

.
Contenu du dossier 'Tâches planifiées'

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 22:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {16293524-21E5-474A-966B-AF4CBF48EC4B} = 213.36.80.1 213.36.80.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\sgzs1f5v.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 18:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,d8,46,1e,e0,fe,
b0,a7,4a,e2,63,26,f1,3f,c8,ff,68,41,cd,5c,92,98,dc,5f,34,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,af,a7,71,d2,c2,
65,d1,95,6a,9c,d6,61,af,45,84,18,97,5c,c7,a9,ac,d8,2e,34,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,19,73,60,19,f5,
be,a0,6e,ff,7c,85,e0,43,d4,0e,fe,77,f2,ed,6c,36,a0,d7,69,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,8a,70,49,3b,
46,d6,e7,86,8c,21,01,be,91,eb,e7,1c,8f,97,a4,81,9a,42,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,31,2d,dd,e8,50,
cc,aa,a3,f5,1d,4d,73,a8,13,5c,05,d6,c0,b4,93,a5,7a,98,64,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,1a,80,bb,c0,
8c,e0,06,df,20,58,62,78,6b,cf,c8,0a,c5,1f,7a,f2,a5,fa,62,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,db,d4,77,b1,
e8,27,e4,fb,a7,78,e6,12,2f,9a,ea,95,82,1c,42,1c,d0,5c,e3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,7b,87,3d,72,2e,
2c,b8,5d,01,3a,48,fc,e8,04,4a,f1,17,e5,47,b6,86,fa,24,39,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,a7,ba,7a,c1,2e,
ff,cb,0d,f6,0f,4e,58,98,5b,89,c9,f8,a5,8f,df,9d,34,aa,2b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,89,db,89,84,63,
2a,55,4a,3d,ce,ea,26,2d,45,aa,78,a6,b2,96,6c,c7,eb,e6,2e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,a4,40,40,39,85,
ba,96,2a,2a,b7,cc,b5,b9,7f,41,e7,4e,99,bf,55,de,9b,55,0d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,b6,4c,c1,98,
cb,fc,ec,6c,43,2d,1e,aa,22,2f,9c,c1,e7,c1,be,8a,82,ee,b2,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-04-28 18:55
ComboFix-quarantined-files.txt 2009-04-28 16:55
ComboFix2.txt 2009-04-28 16:13
ComboFix3.txt 2009-04-27 14:58
ComboFix4.txt 2009-04-27 14:48

Avant-CF: 15 697 412 096 octets libres
Après-CF: 15 706 652 672 octets libres

295 --- E O F --- 2009-04-16 10:57

Réponse 27 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

Copie le texte ci-dessous :

File::
c:\windows\system32\winglsetup.exe
c:\windows\system32\loader266.exe
c:\windows\system32\dllcache\wmiprvse.exe
c:\windows\system32\dllcache\services.exe
C:\ARKA.tmp
C:\ARKB.tmp
c:\windows\temp\Perflib_Perfdata_2e4.dat
Folder::
c:\documents and settings\sam\Application Data\pidle
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pidle"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

ensuite

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique "Continue" à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Réponse 28 / 47

samirou2103

alors rapport combofix :

ComboFix 09-04-25.A3 - sam 28/04/2009 20:36.8 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1534.1072 [GMT 2:00]
Lancé depuis: c:\documents and settings\sam\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\sam\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sam\Application Data\pidle

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-4-28 ))))))))))))))))))))))))))))))))))))
.

2009-04-28 16:15 . 2009-04-28 16:15 -------- d-----w C:\_OTMoveIt
2009-04-27 19:50 . 2009-04-27 19:50 -------- d-----w C:\Lop SD
2009-04-27 17:16 . 2009-04-27 17:16 -------- d-----w C:\ToolBar SD
2009-04-27 12:35 . 2009-04-27 12:36 4096 ----a-w c:\windows\system32\winglsetup.exe
2009-04-27 11:44 . 2009-04-27 11:44 24064 ----a-w c:\windows\system32\loader266.exe
2009-04-15 16:59 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:59 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:59 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:58 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 16:58 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 04:23 . 2009-04-13 04:23 -------- d-sh--w C:\FOUND.073
2009-04-13 03:53 . 2009-04-13 03:53 -------- d-sh--w C:\FOUND.072
2009-04-07 08:00 . 2009-04-07 08:00 -------- d-sh--w C:\FOUND.071
2009-03-31 18:51 . 2009-03-31 18:51 -------- d-sh--w C:\FOUND.070
2009-03-31 18:27 . 2009-03-31 18:27 -------- d-sh--w C:\FOUND.069
2009-03-30 10:04 . 2009-03-30 10:04 -------- d-sh--w C:\FOUND.068

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 09:23 . 2009-04-27 19:51 16925 ----a-w C:\lopR.txt
2009-04-28 08:28 . 2009-04-27 17:16 2203 ----a-w C:\TB.txt
2009-04-27 13:34 . 2009-04-27 12:44 1258 ----a-w C:\rapport.txt
2009-04-27 10:30 . 2009-01-27 10:30 79872 --sha-w C:\ARKA.tmp
2009-04-27 10:30 . 2009-01-27 10:30 87552 --sha-w C:\ARKB.tmp
2009-04-22 10:27 . 2005-01-23 10:37 78148 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 10:27 . 2005-01-23 10:37 476284 ----a-w c:\windows\system32\perfh00C.dat
2009-03-24 19:20 . 2006-06-25 15:49 51800 ----a-w c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:12 . 2009-03-24 19:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 19:11 . 2009-03-24 19:11 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Microsoft
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 19:02 . 2009-03-24 19:02 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-21 14:20 . 2004-08-05 04:00 1051136 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 08:42 . 2009-03-20 08:42 -------- d-----w c:\documents and settings\sam\Application Data\Mumble
2009-03-20 08:39 . 2009-03-20 08:39 -------- d-----w c:\program files\Mumble
2009-03-11 16:59 . 2008-05-09 10:24 268 ---ha-w C:\sqmdata03.sqm
2009-03-11 16:59 . 2008-05-09 10:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-06 14:46 . 2004-08-05 03:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:12 . 2008-09-10 21:00 3476 ----a-w c:\program files\mpc7.reg
2009-03-03 12:12 . 2008-09-10 21:00 680 ----a-w c:\program files\mpc2.reg
2009-03-03 12:12 . 2008-09-10 21:00 558 ----a-w c:\program files\mpc1.reg
2009-03-03 12:12 . 2008-09-10 21:00 3554 ----a-w c:\program files\ffdssetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 31570 ----a-w c:\program files\ffdsvsetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 3026 ----a-w c:\program files\mpc3.reg
2009-03-03 12:12 . 2008-09-10 21:00 18156 ----a-w c:\program files\mpc6.reg
2009-03-03 12:12 . 2008-09-10 21:00 16240 ----a-w c:\program files\mpc5.reg
2009-03-03 12:12 . 2008-09-10 21:00 1292 ----a-w c:\program files\ffdsasetts.reg
2009-03-03 00:13 . 2005-07-03 01:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:13 . 2005-07-03 01:16 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-28 04:54 . 2007-08-13 16:43 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-25 09:43 . 2008-05-08 22:35 268 ---ha-w C:\sqmdata02.sqm
2009-02-25 09:43 . 2008-05-08 22:35 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-24 17:19 . 2007-10-31 15:51 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-24 17:19 . 2007-10-31 15:51 232 ---ha-w C:\sqmdata01.sqm
2009-02-20 10:20 . 2007-12-16 17:00 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 16:39 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-05 03:00 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:50 . 2006-12-19 17:22 2017792 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:50 . 2006-12-19 17:22 2059776 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 11:50 . 2005-03-02 17:07 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2006-12-19 17:22 2182528 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:50 . 2006-12-19 17:22 2138112 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:50 . 2005-03-02 17:08 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-05 03:00 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:10 . 2009-02-03 20:10 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:10 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 14:18 . 2009-02-01 14:15 249856 ------w c:\windows\Setup1.exe
2009-02-01 14:18 . 2009-02-01 14:15 73216 ----a-w c:\windows\ST6UNST.EXE
2008-10-18 09:49 . 2006-12-10 12:14 51216 ----a-w c:\documents and settings\sam\Application Data\GDIPFONTCACHEV1.DAT
2008-09-10 21:00 . 2008-09-10 20:59 4688 ----a-w c:\program files\satsukidecodersettings.ini
2007-12-01 14:22 . 2007-12-01 14:22 126 ----a-w c:\documents and settings\sam\Local Settings\Application Data\fusioncache.dat
2007-11-01 17:57 . 2007-11-01 17:57 27140 ----a-w c:\documents and settings\sam\TB2Categories000.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-27_14.46.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 16:17 . 2009-04-28 16:17 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"pidle"="c:\documents and settings\sam\Application Data\pidle\pidle.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNGXQJ]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]aswBoot.exe /M:83c595e7a /A:* /L:English /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\reminder-Enregistrement du produit ScanSoft.lnk
backup=c:\windows\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1234:TCP"= 1234:TCP:mon port 1234

R2 gupdate1c9a431286796c0;Google Update Service (gupdate1c9a431286796c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-05-24 3712]

.
Contenu du dossier 'Tâches planifiées'

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 22:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {16293524-21E5-474A-966B-AF4CBF48EC4B} = 213.36.80.1 213.36.80.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\sgzs1f5v.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 20:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,d8,46,1e,e0,fe,
b0,a7,4a,e2,63,26,f1,3f,c8,ff,68,41,cd,5c,92,98,dc,5f,34,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,af,a7,71,d2,c2,
65,d1,95,6a,9c,d6,61,af,45,84,18,97,5c,c7,a9,ac,d8,2e,34,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,19,73,60,19,f5,
be,a0,6e,ff,7c,85,e0,43,d4,0e,fe,77,f2,ed,6c,36,a0,d7,69,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,8a,70,49,3b,
46,d6,e7,86,8c,21,01,be,91,eb,e7,1c,8f,97,a4,81,9a,42,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,31,2d,dd,e8,50,
cc,aa,a3,f5,1d,4d,73,a8,13,5c,05,d6,c0,b4,93,a5,7a,98,64,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,1a,80,bb,c0,
8c,e0,06,df,20,58,62,78,6b,cf,c8,0a,c5,1f,7a,f2,a5,fa,62,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,db,d4,77,b1,
e8,27,e4,fb,a7,78,e6,12,2f,9a,ea,95,82,1c,42,1c,d0,5c,e3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,7b,87,3d,72,2e,
2c,b8,5d,01,3a,48,fc,e8,04,4a,f1,17,e5,47,b6,86,fa,24,39,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,a7,ba,7a,c1,2e,
ff,cb,0d,f6,0f,4e,58,98,5b,89,c9,f8,a5,8f,df,9d,34,aa,2b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,89,db,89,84,63,
2a,55,4a,3d,ce,ea,26,2d,45,aa,78,a6,b2,96,6c,c7,eb,e6,2e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,a4,40,40,39,85,
ba,96,2a,2a,b7,cc,b5,b9,7f,41,e7,4e,99,bf,55,de,9b,55,0d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,b6,4c,c1,98,
cb,fc,ec,6c,43,2d,1e,aa,22,2f,9c,c1,e7,c1,be,8a,82,ee,b2,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-04-28 20:38
ComboFix-quarantined-files.txt 2009-04-28 18:38
ComboFix2.txt 2009-04-28 16:55
ComboFix3.txt 2009-04-28 16:13
ComboFix4.txt 2009-04-27 14:58
ComboFix5.txt 2009-04-28 18:35

Avant-CF: 15 471 443 968 octets libres
Après-CF: 15 610 019 840 octets libres

302 --- E O F --- 2009-04-16 10:57

ENsuite rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:49, on 28/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Réponse 29 / 47

samirou2103

Voici le dernier rapport demandé :

dans le dossier LOG :

Logfile of random's system information tool 1.06 (written by random/random)
Run by sam at 2009-04-28 20:42:57
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 15 GB (20%) free of 74 GB
Total RAM: 1534 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:58, on 28/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sam\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Réponse 30 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

je crois que c'est propre,mais il faut que je voie le rapport de otmoviet

il est dans C:\_OTMoveIt\MovedFiles.

poste le moi que je regarde si il a bien dégommé ce que j'ai demandé

Réponse 31 / 47

samirou2103

ok le voici :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\documents and settings\sam\application data\pidle\pidle.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pidle deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\EHDH9I6K\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\GGGDHE8D\topdepart[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\2Y2C8I5B\affich-12200326-spywares-tenaces[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\2Y2C8I5B\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_250.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04282009_181508

Réponse 32 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

ok,

une petite dernière chose avant le nettoyage

Télécharge et installe UsbFix de C_XX & Chiquitine29

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectées sans les ouvrir

# Double-clique sur le raccourci UsbFix présent sur ton bureau .

# Choisis l'option 1 ( Recherche )

# Laisse travailler l'outil...

# Ensuite,poste le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est en outre sauvegardé à la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un malware, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Réponse 33 / 47

samirou2103

ben moi je fais le ménage tous les jours chez moi et j'ai tout le temps des virus sur mon pc!! alors??verdict????

Réponse 34 / 47

samirou2103

voici :

############################## [ UsbFix V3.014 ]

# User : sam (Administrateurs) # SAMIA
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 21:25:36 | 28/04/2009

# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 72,05 Go (14,49 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 73,06 Go (3,29 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM
# G:\ # Disque amovible # 1,87 Go (1,6 Go free) [KODAK] # FAT
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# L:\ # Disque fixe local # 698,46 Go (57,44 Go free) [MY BOOK] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="sam"
HKLM_logon: "AltDefaultUserName"="sam"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKCU_Run: pidle="C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

################## [ Informations ]

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\tmp.txt

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

Réponse 35 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

ok,
il a trouvé
Found ! C:\WINDOWS\system32\tmp.txt

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir

# Double-clique sur le raccourci UsbFix présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera(c'est normal) .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite,poste le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque.( C:\UsbFix.txt )

Réponse 36 / 47

samirou2103

voici

############################## [ UsbFix V3.014 ]

# User : sam (Administrateurs) # SAMIA
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 21:38:25 | 28/04/2009

# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 72,05 Go (14,47 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 73,06 Go (3,29 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM
# G:\ # Disque amovible # 1,87 Go (1,6 Go free) [KODAK] # FAT
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# L:\ # Disque fixe local # 698,46 Go (57,44 Go free) [MY BOOK] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\tmp.txt

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

[05/08/2004 05:00|-rahs----|4952] - C:\Bootfont.bin
[05/08/2004 05:00|-rahs----|251712] - C:\ntldr
[05/08/2004 05:00|-rahs----|47564] - C:\NTDETECT.COM
[27/04/2009 16:30|-rahs----|286] - C:\boot.ini
[23/01/2005 11:58|--a------|0] - C:\CONFIG.SYS
[21/07/2008 21:02|--a------|139] - C:\AUTOEXEC.BAT
[23/01/2005 11:58|-rahs----|0] - C:\IO.SYS
[23/01/2005 11:58|-rahs----|0] - C:\MSDOS.SYS
[23/01/2005 12:42|--a------|74] - C:\Preload.aaa
[26/04/2008 16:09|--a------|10] - C:\error.txt
[16/10/2008 15:21|--ah-----|268] - C:\sqmdata11.sqm
[?|?|?] - C:\hiberfil.sys
[?|?|?] - C:\pagefile.sys
[25/02/2009 11:43|--ah-----|268] - C:\sqmdata02.sqm
[11/03/2009 18:59|--ah-----|268] - C:\sqmdata03.sqm
[25/02/2009 11:43|--ah-----|244] - C:\sqmnoopt02.sqm
[13/11/2008 19:22|--ah-----|232] - C:\sqmdata12.sqm
[11/03/2009 18:59|--ah-----|244] - C:\sqmnoopt03.sqm
[30/05/2008 10:39|--a------|7491804] - C:\output.avi
[25/07/2008 01:01|--a------|74] - C:\fixnavi.txt
[22/06/2008 12:23|--ah-----|244] - C:\sqmnoopt04.sqm
[22/06/2008 12:23|--ah-----|268] - C:\sqmdata04.sqm
[06/07/2008 20:14|--ah-----|244] - C:\sqmnoopt05.sqm
[06/07/2008 20:14|--ah-----|232] - C:\sqmdata05.sqm
[16/12/2004 16:25|--a------|25214] - C:\winzip9.ico
[06/07/2008 20:46|--ah-----|244] - C:\sqmnoopt06.sqm
[06/07/2008 20:46|--ah-----|268] - C:\sqmdata06.sqm
[26/07/2008 21:08|--a------|24092] - C:\MACDR055.CST
[18/08/2008 21:09|--ah-----|244] - C:\sqmnoopt07.sqm
[18/08/2008 21:09|--ah-----|268] - C:\sqmdata07.sqm
[02/09/2008 10:39|--ah-----|244] - C:\sqmnoopt08.sqm
[02/09/2008 10:39|--ah-----|268] - C:\sqmdata08.sqm
[16/09/2008 12:39|--ah-----|244] - C:\sqmnoopt09.sqm
[16/09/2008 12:39|--ah-----|232] - C:\sqmdata09.sqm
[02/10/2008 06:47|--ah-----|244] - C:\sqmnoopt10.sqm
[02/10/2008 06:47|--ah-----|268] - C:\sqmdata10.sqm
[16/10/2008 15:21|--ah-----|244] - C:\sqmnoopt11.sqm
[13/11/2008 19:22|--ah-----|244] - C:\sqmnoopt12.sqm
[26/11/2008 08:47|--a------|14618605] - C:\vlc-0.9.6-win32.exe
[28/11/2008 12:36|--ah-----|244] - C:\sqmnoopt13.sqm
[28/11/2008 12:36|--ah-----|232] - C:\sqmdata13.sqm
[29/11/2008 11:17|--ah-----|244] - C:\sqmnoopt14.sqm
[29/11/2008 11:17|--ah-----|268] - C:\sqmdata14.sqm
[13/12/2008 20:52|--ah-----|244] - C:\sqmnoopt15.sqm
[13/12/2008 20:52|--ah-----|232] - C:\sqmdata15.sqm
[14/12/2008 12:04|--ah-----|244] - C:\sqmnoopt16.sqm
[14/12/2008 12:04|--ah-----|268] - C:\sqmdata16.sqm
[28/12/2008 13:16|--ah-----|244] - C:\sqmnoopt17.sqm
[28/12/2008 13:16|--ah-----|232] - C:\sqmdata17.sqm
[29/12/2008 03:18|--ah-----|244] - C:\sqmnoopt18.sqm
[29/12/2008 03:18|--ah-----|268] - C:\sqmdata18.sqm
[12/01/2009 12:15|--ah-----|244] - C:\sqmnoopt19.sqm
[12/01/2009 12:15|--ah-----|268] - C:\sqmdata19.sqm
[27/04/2009 15:34|--a------|1258] - C:\rapport.txt
[27/04/2009 12:30|--ahs----|79872] - C:\ARKA.tmp
[27/04/2009 12:30|--ahs----|87552] - C:\ARKB.tmp
[27/01/2009 12:31|--ahs----|50176] - C:\ARKC.tmp
[27/01/2009 12:31|--ahs----|50176] - C:\ARKD.tmp
[27/01/2009 12:31|--ahs----|50176] - C:\ARKE.tmp
[03/08/2004 23:00|--a------|263488] - C:\cmldr
[27/04/2009 15:24|--a------|216] - C:\Boot.bak
[28/04/2009 20:38|--a------|20943] - C:\ComboFix.txt
[28/04/2009 10:28|--a------|2203] - C:\TB.txt
[28/04/2009 11:23|--a------|16925] - C:\lopR.txt
[28/04/2009 21:39|--a------|5857] - C:\UsbFix.txt
[15/10/2006 16:10|--ahs----|4608] - C:\Thumbs.db
[26/01/2009 22:44|--ah-----|244] - C:\sqmnoopt00.sqm
[26/01/2009 22:44|--ah-----|268] - C:\sqmdata00.sqm
[24/02/2009 19:19|--ah-----|244] - C:\sqmnoopt01.sqm
[24/02/2009 19:19|--ah-----|232] - C:\sqmdata01.sqm
[01/11/2007 13:38|--a------|44384] - C:\resultat.txt
[10/06/2008 23:04|--a------|87738] - D:\keygen.ms
[08/09/2008 10:27|--a------|29278542] - D:\archive1.rar
[08/09/2008 10:37|--a------|46138274] - D:\archive2.rar
[08/09/2008 10:42|--a------|60726144] - D:\archive3.rar
[16/11/2007 07:48|--a------|11] - D:\lock.report
[07/11/2007 14:15|--a------|35451723] - D:\juju.bak
[07/11/2007 14:28|--a------|12243447] - D:\juju.m3d
[09/11/2007 09:38|--a------|4700875] - D:\juju2.bak
[13/11/2007 08:05|--a------|5013983] - D:\juju2.m3d
[13/11/2007 08:20|--a------|35345240] - D:\indiens.m3d
[13/11/2007 08:23|--a------|26810110] - D:\MapAutosave.old.old.bak
[13/11/2007 08:28|--a------|27299844] - D:\MapAutosave.old.bak
[16/11/2007 07:40|--a------|28388283] - D:\MapAutosave.bak
[16/11/2007 07:45|--a------|2465704] - D:\MapAutosave.m3d
[16/01/2009 14:58|--ahs----|12800] - L:\Thumbs.db
[10/03/2009 15:27|--a------|7205558] - L:\Prodigy Vs Enya - Smack My Bitch Up The Orinoco Flow.wma

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.
# L:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\sam\Bureau\SmitfraudFix\SmitfraudFix\o4Patch.exe

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

Réponse 37 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

salut,

bien vu,en plus tes clés sont vaccinées

je vais te demander un dernier scan avec MBAM(tu peux le garder après,c'est un excellent scanner a malware)
puis on termine

Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton Bureau.
https://www.malwarebytes.com/

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )

A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.
Double-clique sur l'icône "Download_mbam-setup.exe" sur ton bureau pour démarrer le programme d'installation.

Pendant l'installation, suis les indications n'apporte aucune modification aux réglages par défaut et en fin d'installation, vérifie que les options "Update Malwarebytes' Anti-Malware" et "Launch Malwarebytes' Anti-Malware" soit cochées.
MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue.
La fenêtre principale de MBAM s'affiche :
Dans l'onglet analyse, vérifie que "Exécuter un examen rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.
MBAM analyse ton ordinateur.
L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.
A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.
Si des malwares sont détectés, leur liste s'affiche.
***EN CLIQUANT SUR SUPPRESSION(?)FAIT LE*** , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)
Ferme MBAM en cliquant sur Quitter.
Poste le rapport dans ta réponse

Réponse 38 / 47

samirou2103

bonjour ,

j'ai fais l'opération que tu m'as demandé , voici le rapport :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2059
Windows 5.1.2600 Service Pack 2

29/04/2009 19:51:07
mbam-log-2009-04-29 (19-51-07).txt

Type de recherche: Examen rapide
Eléments examinés: 76506
Temps écoulé: 2 minute(s), 11 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
C:\Documents and Settings\sam\Application Data\pidle\pidle.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\gigopero.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\rurirovi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fupipivo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wavenimu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jepewosi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00AA1E9.dat (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37c7d563-b933-4d0c-8ebc-6f1031880322} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{37c7d563-b933-4d0c-8ebc-6f1031880322} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37c7d563-b933-4d0c-8ebc-6f1031880322} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00aa1e9 (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9} (Rogue.MalwareWiped) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm313e2b3d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rirawapola (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pidle (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rurirovi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fupipivo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fupipivo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Application Data\digifast (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\gigopero.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\orepogig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rurirovi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wavenimu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jepewosi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fupipivo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00AA1E9.dat (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\sam\Application Data\pidle\pidle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\javinete.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loader266.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winglsetup.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\temp\rasesnet.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\temp\cmasrxnwoe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\temp\__5A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\_A00F73832A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\4JQ283LU\156[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\4JQ283LU\163[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Local Settings\Temporary Internet Files\Content.IE5\JCDQ7P96\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\Components\WWShow.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Application Data\digifast\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Application Data\digifast\DFUninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam\Application Data\digifast\digifast.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

je pense que mon pc a fait une "rechute".

merci.

Réponse 39 / 47

samirou2103

je tiens à preciser que la "rechute" de mon ordi a commencé avec ce message : EXception Processing message C0000013 parameters 75afbf9c 475afbf9c 75afbf9c

Réponse 40 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

fais un scan avec antivir en mode sans échec

poste le rapport stp

Discussions similaires

des spywares et Trojans envahissent mon pc

Spywares tenaces!!

47 réponses

Votre réponse

Discussions similaires

Newsletters