Un autre PC verollé

sese -  
 sese -
Bonjour,

comme vous l'indique mon titre nous avons un autre PC qui semble tres infecté

le seul moyen pour pouvoir faire quoi que ce soit a été de le redemarrer en mode diagnostic (mode sans echec impossible!!!!)

j'ai enfin reussi a lui installer AVAST

voici les rapports malwarebytes avant blocage et hijackthis fait en mode diagnostic (impossible de le faire autrement) :

merci d'avance pour votre aide

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2809
Windows 5.1.2600 Service Pack 2

16/09/2009 11:19:53
mbam-log-2009-09-16 (11-19-53).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 141767
Temps écoulé: 26 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\kbiwkmabdpybiq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\\?\globalroot\systemroot\system32\kbiwkmabdpybiq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmabdpybiq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmjnptjkvt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmqoirqvov.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmwsklypni.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\kbiwkmsielixjkyi.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\CWS Leonard\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CWS Leonard\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CWS Leonard\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\CWS Leonard\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmjcxiwwow.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmmpjyutpb.dat (Rootkit.TDSS) -> Delete on reboot.

*************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:47, on 17/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\CWS Leonard\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39}: NameServer = 192.168.2.1
O18 - Protocol: bw+0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 16255 bytes
Configuration: Windows XP
Firefox 2.0.0.16

15 réponses

  1. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    Supprime la quarantaine de Malwarebytes et redémarre le pc

    --> onglet "quarantaine -->supprime tout

    ---------------------

    Télécharge et installe ccleaner

    - Durant l'installation, décoche la case proposant la barre d'outils yahoo et celle : " ajouter l'option des mises à jour"

    - Une fois installé, fermes toutes les applications en cours et lance ccleaner

    - clic -->>option -->> avancé et décoche " effacer les fichiers etc... plus vieux que 48h

    - Sélectionne " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme...

    ---------------------------

    Télécharge Combofix et enregistres le sur ton bureau

    /!\ Désactives la garde ton antivirus /!\

    - Déconnecte toi et ferme toutes les applications en cours

    - Double clic sur Combofix.exe >> un message apparait > réponds " oui "

    - ( Il est conseillé d'installer la console de récupérations)

    - Sélectionnes la langue et presse la touche 1 ( yes) pour lancer le scan

    /!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\

    - A la fin du scan, Combofix aura besoin de redémarrer pour finir la désinfection, laisse le faire

    - Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt

    Tutoriel et guide officiel Combofix
    0
    1. sese
       
      Merci beaucoup pour cette réponse rapide

      voici le rapport Combofix

      ComboFix 09-09-16.05 - CWS Leonard 17/09/2009 16:48.1.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.162 [GMT 2:00]
      Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\CWS Leonard\Application Data\Microsoft\Clip Organizer\mstore10.mgc
      c:\documents and settings\CWS Leonard\Application Data\Microsoft\Clip Organizer\Offic10.MGC
      c:\windows\Installer\1cdeac0.msp
      c:\windows\Installer\1eb72a5.msp
      c:\windows\Installer\201e064.msp
      c:\windows\Installer\201e078.msp
      c:\windows\Installer\343f5.msp
      c:\windows\Installer\3da643c.msp
      c:\windows\Installer\4e96a.msi
      c:\windows\Installer\53be2b.msi
      c:\windows\Installer\WMEncoder.msi
      c:\windows\system32\config\systemprofile\protect.dll
      c:\windows\system32\drivers\str.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_kbiwkmrxfumupx
      -------\Service_kbiwkmrxfumupx


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-16 14:55 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2009-09-16 14:55 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2009-09-16 14:55 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2009-09-16 14:54 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-09-16 14:54 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-09-16 14:54 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-09-16 14:54 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-09-16 14:54 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2009-09-16 14:52 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
      2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
      2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
      2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
      2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
      2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
      2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
      2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
      2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
      2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-17 14:50 . 2004-08-05 12:00 90082 ----a-w- c:\windows\system32\perfh00C.dat
      2009-09-17 14:50 . 2004-08-05 12:00 111482 ----a-w- c:\windows\system32\perfc00C.dat
      2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
      2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
      2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
      2009-08-17 06:49 . 2009-01-13 17:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
      2009-08-14 09:48 . 2009-03-02 12:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
      2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
      2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
      2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
      2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
      2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
      2009-06-26 16:18 . 2004-08-05 12:00 663552 ----a-w- c:\windows\system32\wininet.dll
      2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
      2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
      2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
      2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
      2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
      2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
      2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
      2009-06-22 11:34 . 2004-08-05 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
      backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "xmlprov"=3 (0x3)
      "WZCSVC"=2 (0x2)
      "WudfSvc"=3 (0x3)
      "wuauserv"=2 (0x2)
      "wscsvc"=2 (0x2)
      "WMPNetworkSvc"=3 (0x3)
      "WmiApSrv"=3 (0x3)
      "WmdmPmSN"=3 (0x3)
      "WinVNC4"=2 (0x2)
      "winmgmt"=2 (0x2)
      "WebClient"=2 (0x2)
      "W32Time"=2 (0x2)
      "VSS"=3 (0x3)
      "UStorage Server Service"=2 (0x2)
      "UPS"=3 (0x3)
      "upnphost"=2 (0x2)
      "TrkWks"=2 (0x2)
      "Themes"=2 (0x2)
      "TermService"=3 (0x3)
      "TapiSrv"=3 (0x3)
      "SysmonLog"=3 (0x3)
      "SwPrv"=3 (0x3)
      "Stormser"=2 (0x2)
      "stisvc"=2 (0x2)
      "SSDPSRV"=3 (0x3)
      "srservice"=2 (0x2)
      "Spooler"=2 (0x2)
      "ShellHWDetection"=2 (0x2)
      "SharedAccess"=2 (0x2)
      "SENS"=2 (0x2)
      "seclogon"=2 (0x2)
      "Schedule"=2 (0x2)
      "SCardSvr"=3 (0x3)
      "SCardDrv"=3 (0x3)
      "SamSs"=2 (0x2)
      "RSVP"=3 (0x3)
      "RDSessMgr"=3 (0x3)
      "RasMan"=3 (0x3)
      "RasAuto"=3 (0x3)
      "ProtectedStorage"=2 (0x2)
      "PolicyAgent"=2 (0x2)
      "Pml Driver HPZ12"=2 (0x2)
      "PlugPlay"=2 (0x2)
      "ose"=3 (0x3)
      "NtmsSvc"=3 (0x3)
      "NtLmSsp"=3 (0x3)
      "Nla"=3 (0x3)
      "Netman"=3 (0x3)
      "Netlogon"=3 (0x3)
      "Net Driver HPZ12"=2 (0x2)
      "Nero BackItUp Scheduler 4.0"=2 (0x2)
      "MSIServer"=3 (0x3)
      "MSDTC"=3 (0x3)
      "mnmsrvc"=3 (0x3)
      "MDM"=2 (0x2)
      "LVSrvLauncher"=2 (0x2)
      "LVPrcSrv"=2 (0x2)
      "LmHosts"=2 (0x2)
      "LEC TranslateDotNet Server"=3 (0x3)
      "lanmanworkstation"=2 (0x2)
      "lanmanserver"=2 (0x2)
      "ImapiService"=3 (0x3)
      "HTTPFilter"=3 (0x3)
      "HidServ"=2 (0x2)
      "helpsvc"=2 (0x2)
      "gupdate1c9bf42a4438a2a"=2 (0x2)
      "FastUserSwitchingCompatibility"=3 (0x3)
      "EventSystem"=3 (0x3)
      "Eventlog"=2 (0x2)
      "ERSvc"=2 (0x2)
      "EpsonBidirectionalService"=2 (0x2)
      "Dnscache"=2 (0x2)
      "dmserver"=3 (0x3)
      "dmadmin"=3 (0x3)
      "Dhcp"=2 (0x2)
      "CryptSvc"=2 (0x2)
      "COMSysApp"=3 (0x3)
      "clr_optimization_v2.0.50727_32"=3 (0x3)
      "CiSvc"=3 (0x3)
      "Browser"=2 (0x2)
      "BITS"=3 (0x3)
      "avast! Web Scanner"=3 (0x3)
      "avast! Mail Scanner"=3 (0x3)
      "avast! Antivirus"=2 (0x2)
      "AudioSrv"=2 (0x2)
      "aswUpdSv"=2 (0x2)
      "aspnet_state"=3 (0x3)
      "AppMgmt"=3 (0x3)
      "ALG"=3 (0x3)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17601:TCP"= 17601:TCP:BitComet 17601 TCP
      "17601:UDP"= 17601:UDP:BitComet 17601 UDP
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/09/2009 16:54 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/09/2009 16:54 20560]
      R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
      S2 spzdgkssbmj;spzdgkssbmj;\??\c:\windows\system32\drivers\ntnnnucniqx.sys --> c:\windows\system32\drivers\ntnnnucniqx.sys [?]
      S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]
      S4 Stormser;Stormser;c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe --> c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe [?]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      Contenu du dossier 'Tâches planifiées'

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://lo.st/
      mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
      IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
      TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.search.selectedEngine - DAEMON Search
      FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
      FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-17 16:54
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker3"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(1604)
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
      c:\6020aec6bc32c7f333\dotnetfx35setup.exe
      c:\c65acef301beab0b4823ad5396e338\setup.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-09-17 16:59 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-09-17 14:59

      Avant-CF: 112.009.699.328 octets libres
      Après-CF: 111.706.599.424 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

      Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
      314 --- E O F --- 2009-09-10 08:16
      0
  2. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes :
    
    
    KILLALL::
    
    Driver::
    spzdgkssbmj
    Stormser
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] 
    "Stormser"=-  
    
    File::
    c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe
    c:\windows\system32\drivers\ntnnnucniqx.sys


    - Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)

    - Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).

    - Désactive ton antivirus et tes autres protections résidentes.

    - Fais un glissé/déposé de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image

    ( Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).

    - Cela va relancer Combofix

    - Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !

    - Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !

    - Une fois le scan achevé, un rapport va s'afficher: poste le stp.

    --------------------------------
    0
    1. sese
       
      bonjour

      voici le dernier rapport demandé

      ComboFix 09-09-17.04 - CWS Leonard 18/09/2009 11:55.2.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.254 [GMT 2:00]
      Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\CWS Leonard\Bureau\CFScript.txt
      AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

      FILE ::
      "c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe"
      "c:\windows\system32\drivers\ntnnnucniqx.sys"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_SPZDGKSSBMJ
      -------\Legacy_STORMSER
      -------\Service_spzdgkssbmj
      -------\Service_Stormser


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-18 au 2009-09-18 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-16 14:55 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2009-09-16 14:55 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2009-09-16 14:55 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2009-09-16 14:54 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-09-16 14:54 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-09-16 14:54 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-09-16 14:54 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-09-16 14:54 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2009-09-16 14:52 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
      2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
      2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
      2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
      2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
      2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
      2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
      2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
      2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
      2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-18 09:54 . 2004-08-05 12:00 90838 ----a-w- c:\windows\system32\perfh00C.dat
      2009-09-18 09:54 . 2004-08-05 12:00 111778 ----a-w- c:\windows\system32\perfc00C.dat
      2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
      2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
      2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
      2009-08-17 06:49 . 2009-01-13 17:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
      2009-08-14 09:48 . 2009-03-02 12:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
      2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
      2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
      2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
      2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
      2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
      2009-06-26 16:18 . 2004-08-05 12:00 663552 ------w- c:\windows\system32\wininet.dll
      2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
      2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
      2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
      2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
      2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
      2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
      2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
      2009-06-22 11:34 . 2004-08-05 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-09-17_14.54.12 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-09-18 09:50 . 2009-09-18 09:50 16384 c:\windows\Temp\Perflib_Perfdata_484.dat
      + 2009-09-18 10:28 . 2009-09-18 10:28 16384 c:\windows\Temp\Perflib_Perfdata_480.dat
      - 2009-09-17 14:53 . 2009-09-17 14:53 16384 c:\windows\Temp\Perflib_Perfdata_480.dat
      + 2004-08-05 12:00 . 2009-09-18 09:54 91758 c:\windows\system32\perfc009.dat
      + 2004-08-05 12:00 . 2009-09-18 09:54 478168 c:\windows\system32\perfh009.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
      backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "xmlprov"=3 (0x3)
      "WZCSVC"=2 (0x2)
      "WudfSvc"=3 (0x3)
      "wuauserv"=2 (0x2)
      "wscsvc"=2 (0x2)
      "WMPNetworkSvc"=3 (0x3)
      "WmiApSrv"=3 (0x3)
      "WmdmPmSN"=3 (0x3)
      "WinVNC4"=2 (0x2)
      "winmgmt"=2 (0x2)
      "WebClient"=2 (0x2)
      "W32Time"=2 (0x2)
      "VSS"=3 (0x3)
      "UStorage Server Service"=2 (0x2)
      "UPS"=3 (0x3)
      "upnphost"=2 (0x2)
      "TrkWks"=2 (0x2)
      "Themes"=2 (0x2)
      "TermService"=3 (0x3)
      "TapiSrv"=3 (0x3)
      "SysmonLog"=3 (0x3)
      "SwPrv"=3 (0x3)
      "stisvc"=2 (0x2)
      "SSDPSRV"=3 (0x3)
      "srservice"=2 (0x2)
      "Spooler"=2 (0x2)
      "ShellHWDetection"=2 (0x2)
      "SharedAccess"=2 (0x2)
      "SENS"=2 (0x2)
      "seclogon"=2 (0x2)
      "Schedule"=2 (0x2)
      "SCardSvr"=3 (0x3)
      "SCardDrv"=3 (0x3)
      "SamSs"=2 (0x2)
      "RSVP"=3 (0x3)
      "RDSessMgr"=3 (0x3)
      "RasMan"=3 (0x3)
      "RasAuto"=3 (0x3)
      "ProtectedStorage"=2 (0x2)
      "PolicyAgent"=2 (0x2)
      "Pml Driver HPZ12"=2 (0x2)
      "PlugPlay"=2 (0x2)
      "ose"=3 (0x3)
      "NtmsSvc"=3 (0x3)
      "NtLmSsp"=3 (0x3)
      "Nla"=3 (0x3)
      "Netman"=3 (0x3)
      "Netlogon"=3 (0x3)
      "Net Driver HPZ12"=2 (0x2)
      "Nero BackItUp Scheduler 4.0"=2 (0x2)
      "MSIServer"=3 (0x3)
      "MSDTC"=3 (0x3)
      "mnmsrvc"=3 (0x3)
      "MDM"=2 (0x2)
      "LVSrvLauncher"=2 (0x2)
      "LVPrcSrv"=2 (0x2)
      "LmHosts"=2 (0x2)
      "LEC TranslateDotNet Server"=3 (0x3)
      "lanmanworkstation"=2 (0x2)
      "lanmanserver"=2 (0x2)
      "ImapiService"=3 (0x3)
      "HTTPFilter"=3 (0x3)
      "HidServ"=2 (0x2)
      "helpsvc"=2 (0x2)
      "gupdate1c9bf42a4438a2a"=2 (0x2)
      "FastUserSwitchingCompatibility"=3 (0x3)
      "EventSystem"=3 (0x3)
      "Eventlog"=2 (0x2)
      "ERSvc"=2 (0x2)
      "EpsonBidirectionalService"=2 (0x2)
      "Dnscache"=2 (0x2)
      "dmserver"=3 (0x3)
      "dmadmin"=3 (0x3)
      "Dhcp"=2 (0x2)
      "CryptSvc"=2 (0x2)
      "COMSysApp"=3 (0x3)
      "clr_optimization_v2.0.50727_32"=3 (0x3)
      "CiSvc"=3 (0x3)
      "Browser"=2 (0x2)
      "BITS"=3 (0x3)
      "avast! Web Scanner"=3 (0x3)
      "avast! Mail Scanner"=3 (0x3)
      "avast! Antivirus"=2 (0x2)
      "AudioSrv"=2 (0x2)
      "aswUpdSv"=2 (0x2)
      "aspnet_state"=3 (0x3)
      "AppMgmt"=3 (0x3)
      "ALG"=3 (0x3)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17601:TCP"= 17601:TCP:BitComet 17601 TCP
      "17601:UDP"= 17601:UDP:BitComet 17601 UDP
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/09/2009 16:54 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/09/2009 16:54 20560]
      R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
      S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      Contenu du dossier 'Tâches planifiées'

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://lo.st/
      mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
      IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
      TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.search.selectedEngine - DAEMON Search
      FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
      FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-18 12:29
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker3"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(596)
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-09-18 12:32 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-09-18 10:32
      ComboFix2.txt 2009-09-17 14:59

      Avant-CF: 111.652.544.512 octets libres
      Après-CF: 111.750.508.544 octets libres

      Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
      300 --- E O F --- 2009-09-18 09:52
      0
  3. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    ♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ♦ Déconnecte toi et ferme toutes applications en cours !

    ♦ Double-clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ♦ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ♦ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ♦ Laisse travailler l'outil et ne touche à rien ...

    ♦ Un rapport est généré, postes le stp

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )

    ♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. sese
       
      Bonjour

      voici le rapport Ad-Remover

      .
      ======= RAPPORT D'AD-REMOVER 1.1.4.5_V | UNIQUEMENT XP/VISTA/7 =======
      .
      Mit à jour par C_XX le 15/09/2009 à 10:00 PM
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 14:32:24, 18/09/2009 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Program Files\Ad-Remover\
      Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
      Nom du PC: LEONARD | Utilisateur actuel: CWS Leonard
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .
      .
      HKCU\Software\EoRezo
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
      HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKLM\Software\Trymedia Systems
      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{08165EA0-E946-11CF-9C87-00AA005127ED}
      HKLM\Software\Classes\CLSID\{8A60B490-CFA0-4D00-AFC8-8E350F660061}
      .
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\cmhost.cyp
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\ConfMedia.cyp
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\db
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\db\cat.cyp
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop\config.xml
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop\eoDesktop.html
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop\userConfig.xml
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\host.cyp
      C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\user.cyp
      C:\Program Files\AskTBar
      C:\Program Files\AskTBar\bar
      C:\Program Files\AskTBar\bar\History
      C:\Program Files\AskTBar\bar\History\search2
      C:\Program Files\AskTBar\bar\Settings
      C:\Program Files\AskTBar\PopSwatr
      C:\Program Files\AskTBar\PopSwatr\History
      C:\Program Files\AskTBar\PopSwatr\History\allowed
      C:\Program Files\AskTBar\PopSwatr\History\notallow

      (!) -- Fichiers temporaires supprimés.

      .
      ============== Scan additionnel ==============
      .
      .
      * Mozilla FireFox Version 3.5.3 *
      .
      Nom du profil: cqjqjxfy.default (CWS Leonard)
      .
      (Prefs.js) user_pref("browser.search.defaultenginename", "Yahoo");
      (Prefs.js) user_pref("browser.search.selectedEngine", "DAEMON Search");
      (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
      (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
      .
      .
      * Internet Explorer Version 6.0.2900.2180 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Start Page: hxxp://fr.msn.com/
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://fr.msn.com/
      Search bar: hxxp://search.msn.com/spbasic.htm
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ===================================
      .
      3821 Octet(s) - C:\Ad-Report-CLEAN.log
      .
      1 Fichier(s) - C:\DOCUME~1\CWSLEO~1\LOCALS~1\Temp
      2 Fichier(s) - C:\WINDOWS\Temp
      .
      18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
      8 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
      .
      Fin à: 14:38:35 | 18/09/2009
      .
      ============== E.O.F ==============
      .
      0
  4. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Met un coup de ccleaner >> nettoyage
    Puis, clique sur " Registre " -->" Chercher des erreurs " --> " corriger les erreurs "
    --> Recommence l'opération jusqu'à 0 erreur --> réponds Non à la sauvegarde

    ------------------------------
    Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

    - Fermes toutes les applications en cours et double clic sur RSIT.exe
    - Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
    - Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches
    - Postes le contenu des 2 rapports
    0
    1. sese
       
      bonjour en faisant le nettoyage de regitre je n'arrive pas a supprimer 2 ligne (essai 5 fois)

      je lance tout de meme RSIT et je reviens
      0
    2. sese
       
      voici donc les 2 rapports

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by CWS Leonard at 2009-09-18 14:59:37
      Microsoft Windows XP Édition familiale Service Pack 2
      System drive C: has 107 GB (70%) free of 153 GB
      Total RAM: 510 MB (50% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:59:48, on 18/09/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\CWS Leonard\Bureau\RSIT.exe
      C:\Documents and Settings\CWS Leonard\Bureau\CWS Leonard.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39}: NameServer = 192.168.2.1
      O18 - Protocol: bw+0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. freelog Messages postés 2181 Statut Membre 136
     
    C:\Documents and Settings\CWS Leonard\Application Data\EoRezo
    0
  7. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    C:\Documents and Settings\CWS Leonard\Application Data\EoRezo

    --> Et alors ?
    0
  8. freelog Messages postés 2181 Statut Membre 136
     
    désolé Eorozo y a truc pour le virer
    mais je me mèle de ce qui me rgarde pas
    c'est plus fort que moi
    0
  9. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Bonjour,

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

    • Lance l'installation du programme en exécutant le fichier téléchargé.
    • Double-clique maintenant sur le raccourci de Toolbar-S&D.
    • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    • Poste le rapport généré. (C:\TB.txt)
    0
    1. sese
       
      bonjour

      voici le rapport toolbar
      merci
      sese


      -----------\\ ToolBar S&D 1.2.9 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
      BIOS : Version 5.00 R1.04-01.1826
      USER : CWS Leonard ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1351 [VPS 090920-0] 4.8.1351 (Activated)
      C:\ (Local Disk) - NTFS - Total:149 Go (Free:103 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)

      "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
      Option : [1] ( 21/09/2009| 9:20 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\DAEMON Tools Toolbar
      C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
      C:\Program Files\DAEMON Tools Toolbar\Resources
      C:\Program Files\DAEMON Tools Toolbar\uninst.exe
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
      C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
      C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
      C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
      C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
      C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
      C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
      C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
      C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
      C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

      -----------\\ Extensions

      (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

      (CWS Leonard) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="https://www.msn.com/fr-fr"
      "Search bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2009| 9:21 - Option : [1]

      -----------\\ Fin du rapport a 9:21:47,18
      0
  10. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    Relance ToolbarSD et choisis l'option2 (suppression)

    --> laisse l'outil travailler et ne ferme aucune fenêtre

    --> Un rapport sera généré, poste le stp

    Note : le rapport est également à C:\TB.txt
    0
    1. sese
       
      merci

      voici le second rapport


      -----------\\ ToolBar S&D 1.2.9 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
      BIOS : Version 5.00 R1.04-01.1826
      USER : CWS Leonard ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1351 [VPS 090920-0] 4.8.1351 (Activated)
      C:\ (Local Disk) - NTFS - Total:149 Go (Free:104 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)

      "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
      Option : [2] ( 21/09/2009|16:26 )

      -----------\\ SUPPRESSION

      Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
      Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
      Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
      Supprime! - C:\Program Files\DAEMON Tools Toolbar

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ Extensions

      (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

      (CWS Leonard) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="https://www.msn.com/fr-fr/"
      "Search bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2009| 9:21 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 21/09/2009|16:27 - Option : [2]

      -----------\\ Fin du rapport a 16:27:57,37
      0
  11. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Très bien,

    - Je te conseille de changer d'antivirus car Avast n'est plus l'antivirus qu'il était, supprimes Avast à partir du panneau de conf--> ajouter/supprimer un programme
    Désactive le résident avant de lancer la désinstallation --> clic-droit sur l'icône d'Avast en bas à droite

    Télécharge Avira antivir

    Sers-toi de ce tutoriel pour l'installer correctement

    * Installe Antivir et mets-le à jour.
    * Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.
    * Dans Antivir, choisis Outils puis Configuration.
    * Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

    Une fois à jour et paramétré, redémarre le pc en " Mode sans échec " :

    - Au démarrage de l'ordi, tapotes sur la touche F8 ou F5 de ton clavier ( juste après le bip du bios et avant l'apparition du logo " Windows ")
    - Un écran avec plusieurs choix apparaitra, sélectionne à l'aide des flèches du clavier, le mode sans échec et valides avec la touche " Entrée "

    - Une fois en mode sans échec, lance un scan et poste le rapport généré à la fin stp.
    0
  12. sese
     
    bonjour

    impossible d'installer antivir!!!! (je suis actuellement en mode DIAG car impossible de travailler en mode normal)

    il me fait l'extraction ensuite il y a le message " installation en cours de preparation" puis plus rien
    je remets avast en attendant pour eviter les mauvaises surprises
    0
  13. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Télécharge gmer sur le bureau et dézippe-le (clic droit et extraire ici) :
    http://www2.gmer.net/gmer.zip

    * Double-clique sur gmer.exe sur le bureau. Si ton antivirus réagit, ne t'inquiète pas et ignore l'alerte.
    * Clique sur l'onglet "rootkit", puis clique sur scan.
    * A la fin du scan, clique sur le bouton copy.
    * Dans démarrer>programmes>accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
    * poste le rapport stp ...
    0
    1. sese
       
      bonjour

      voici le rapport Gmer


      ---- Registry - GMER 1.0.15 ----

      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@start 1
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@type 1
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@group file system
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@imagepath \systemroot\system32\drivers\kbiwkmwsklypni.sys
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main@aid 10002
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main@sid 1
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main@cmddelay 14400
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\delete (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\injector (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\injector@* kbiwkmwsp8.dll
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\tasks (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmwsklypni.sys
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmqoirqvov.dll
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmmpjyutpb.dat
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjnptjkvt.dll
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkm.dat \systemroot\system32\kbiwkmjcxiwwow.dat
      Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmwsp8.dll \systemroot\system32\kbiwkmabdpybiq.dll
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
      Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

      ---- EOF - GMER 1.0.15 ----
      0
  14. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    Le rootkit est de retour, on va essayer une méthode qui devrait permettre de le virer avec Malwarebytes :

    * Télécharge Rootrepeal
    * Dézippe-le sur le Bureau (Fais un clic droit sur l'archive et choisis extraire vers> Bureau),
    * Double-clique sur Rootrepeal.exe
    * Clique sur l'onglet File et choisis Scan. L'analyse peut durer quelques minutes,
    * Clique sur "Save report". Enregistre le rapport sur le Bureau en lui donnant le nom Rootrepeal.txt,
    * Ouvre ce rapport, fais CTRL+A pour tout sélectionner, CTRL+C pour copier son contenu, CTRL+V pour coller ce rapport dans ta prochaine réponse,

    *Au cas où le rapport serait trop long, utilises cijoint pour le poster : http://www.cijoint.fr/

    Cliques sur <Parcourir> et cherche le fichier C:

    Cliques sur <Ouvrir>.

    Cliques sur "Cliquez ici pour déposer le fichier".

    Un lien présenté sous cette forme ( ci-dessous) sera généré :

    hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijWLET7cO.txt

    Copie celui-ci dans ta réponse.
    0
    1. sese
       
      bonjour

      voici le rapport Rootpeal

      http://www.cijoint.fr/cjlink.php?file=cj200909/cijtA7q3cy.txt

      merci
      0
  15. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Mouais, on va faire autrement,

    Dans l'ordre :

    1°) Supprimes la version de combofix sur ton bureau :

    Clique sur Démarrer puis Exécuter. Tapes combofix /u dans la zone de saisie puis OK.
    - ( il y a un espace entre combofix et /u)

    --> Supprime C:\qoobox

    2°) Télécharge Combofix en prenant soin de le renommer ( c'est important)

    Regarde là en cas de difficulté : renommer Combofix au téléchargement

    * Fais un clic droit ici
    * Choisir : Enregistrer la cible du lien sous
    * Choisir le Bureau comme destination.
    * Dans le champ "Nom du fichier", renommer ComboFix.exe en CCM.exe par exemple, puis enregistrez.
    * Déconnecte-toi d'Internet et ferme toutes les applications et programmes.
    * Désactive tes défenses ( antivirus, antispyware...)
    * Double-clique sur CCM.exe pour lancer le fix
    * Accepte le message d'avertissement et accepte l'installation de la Console de récupération.
    * Le rapport sera créé sous la racine : C:\Combofix.txt , poste le stp
    0
    1. sese
       
      voici donc le rapport

      ComboFix 09-09-21.04 - CWS Leonard 22/09/2009 17:12.4.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.247 [GMT 2:00]
      Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\CCM.exe
      AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-22 au 2009-09-22 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-21 15:43 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2009-09-21 15:43 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2009-09-21 15:43 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2009-09-21 15:43 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-09-21 15:43 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2009-09-21 15:43 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-09-21 15:43 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-09-21 15:43 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-09-21 15:43 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
      2009-09-21 07:19 . 2009-09-21 14:27 -------- d-----w- C:\ToolBar SD
      2009-09-18 12:59 . 2009-09-18 12:59 -------- d-----w- C:\rsit
      2009-09-18 12:32 . 2009-09-18 12:38 -------- d-----w- c:\program files\Ad-Remover
      2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
      2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
      2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
      2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
      2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
      2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
      2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
      2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
      2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-22 06:50 . 2004-08-05 12:00 92728 ----a-w- c:\windows\system32\perfh00C.dat
      2009-09-22 06:50 . 2004-08-05 12:00 112518 ----a-w- c:\windows\system32\perfc00C.dat
      2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
      2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
      2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
      2009-08-14 09:48 . 2009-03-02 12:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
      2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
      2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
      2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
      2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
      2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
      2009-06-26 16:18 . 2004-08-05 12:00 663552 ------w- c:\windows\system32\wininet.dll
      2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
      2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
      2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
      2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
      2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
      2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
      2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
      backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "xmlprov"=3 (0x3)
      "WZCSVC"=2 (0x2)
      "WudfSvc"=3 (0x3)
      "wuauserv"=2 (0x2)
      "wscsvc"=2 (0x2)
      "WMPNetworkSvc"=3 (0x3)
      "WmiApSrv"=3 (0x3)
      "WmdmPmSN"=3 (0x3)
      "WinVNC4"=2 (0x2)
      "winmgmt"=2 (0x2)
      "WebClient"=2 (0x2)
      "W32Time"=2 (0x2)
      "VSS"=3 (0x3)
      "UStorage Server Service"=2 (0x2)
      "UPS"=3 (0x3)
      "upnphost"=2 (0x2)
      "TrkWks"=2 (0x2)
      "Themes"=2 (0x2)
      "TermService"=3 (0x3)
      "TapiSrv"=3 (0x3)
      "SysmonLog"=3 (0x3)
      "SwPrv"=3 (0x3)
      "stisvc"=2 (0x2)
      "SSDPSRV"=3 (0x3)
      "srservice"=2 (0x2)
      "Spooler"=2 (0x2)
      "ShellHWDetection"=2 (0x2)
      "SharedAccess"=2 (0x2)
      "SENS"=2 (0x2)
      "seclogon"=2 (0x2)
      "Schedule"=2 (0x2)
      "SCardSvr"=3 (0x3)
      "SCardDrv"=3 (0x3)
      "SamSs"=2 (0x2)
      "RSVP"=3 (0x3)
      "RDSessMgr"=3 (0x3)
      "RasMan"=3 (0x3)
      "RasAuto"=3 (0x3)
      "ProtectedStorage"=2 (0x2)
      "PolicyAgent"=2 (0x2)
      "Pml Driver HPZ12"=2 (0x2)
      "PlugPlay"=2 (0x2)
      "ose"=3 (0x3)
      "NtmsSvc"=3 (0x3)
      "NtLmSsp"=3 (0x3)
      "Nla"=3 (0x3)
      "Netman"=3 (0x3)
      "Netlogon"=3 (0x3)
      "Net Driver HPZ12"=2 (0x2)
      "Nero BackItUp Scheduler 4.0"=2 (0x2)
      "MSIServer"=3 (0x3)
      "MSDTC"=3 (0x3)
      "mnmsrvc"=3 (0x3)
      "MDM"=2 (0x2)
      "LVSrvLauncher"=2 (0x2)
      "LVPrcSrv"=2 (0x2)
      "LmHosts"=2 (0x2)
      "LEC TranslateDotNet Server"=3 (0x3)
      "lanmanworkstation"=2 (0x2)
      "lanmanserver"=2 (0x2)
      "ImapiService"=3 (0x3)
      "HTTPFilter"=3 (0x3)
      "HidServ"=2 (0x2)
      "helpsvc"=2 (0x2)
      "gupdate1c9bf42a4438a2a"=2 (0x2)
      "FastUserSwitchingCompatibility"=3 (0x3)
      "EventSystem"=3 (0x3)
      "Eventlog"=2 (0x2)
      "ERSvc"=2 (0x2)
      "EpsonBidirectionalService"=2 (0x2)
      "Dnscache"=2 (0x2)
      "dmserver"=3 (0x3)
      "dmadmin"=3 (0x3)
      "Dhcp"=2 (0x2)
      "CryptSvc"=2 (0x2)
      "COMSysApp"=3 (0x3)
      "clr_optimization_v2.0.50727_32"=3 (0x3)
      "CiSvc"=3 (0x3)
      "Browser"=2 (0x2)
      "BITS"=3 (0x3)
      "avast! Web Scanner"=3 (0x3)
      "avast! Mail Scanner"=3 (0x3)
      "avast! Antivirus"=2 (0x2)
      "AudioSrv"=2 (0x2)
      "aswUpdSv"=2 (0x2)
      "aspnet_state"=3 (0x3)
      "AppMgmt"=3 (0x3)
      "ALG"=3 (0x3)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17601:TCP"= 17601:TCP:BitComet 17601 TCP
      "17601:UDP"= 17601:UDP:BitComet 17601 UDP
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/09/2009 17:43 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/09/2009 17:43 20560]
      R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
      S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]

      --- Autres Services/Pilotes en mémoire ---

      *NewlyCreated* - ASWUPDSV
      *NewlyCreated* - AVAST!_ANTIVIRUS
      *NewlyCreated* - AVAST!_MAIL_SCANNER
      *NewlyCreated* - AVAST!_WEB_SCANNER
      *NewlyCreated* - UFRDAPOG
      *Deregistered* - ufrdapog

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      Contenu du dossier 'Tâches planifiées'

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
      .
      .
      ------- Examen supplémentaire -------
      .
      mWindow Title =
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
      IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
      TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.search.selectedEngine - DAEMON Search
      FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-22 17:15
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker3"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(3080)
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Heure de fin: 2009-09-22 17:17
      ComboFix-quarantined-files.txt 2009-09-22 15:16
      ComboFix2.txt 2009-09-22 15:10

      Avant-CF: 111.787.540.480 octets libres
      Après-CF: 111.773.093.888 octets libres

      Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
      276 --- E O F --- 2009-09-18 09:52
      0
  16. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes :
    
    
    KILLALL::
    
    File::
    c:\windows\system32\drivers\lvuvc.hs 
    c:\windows\DUMP5f85.tmpw


    - Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)

    - Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).

    - Désactive ton antivirus et tes autres protections résidentes.

    - Fais un glissé/déposé de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image

    ( Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).

    - Cela va relancer Combofix

    - Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !

    - Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !

    - Une fois le scan achevé, un rapport va s'afficher: poste le stp.

    Puis relances un scan rapide avec Malwarebytes et poste le rapport stp

    Edit : Mets à jour MBAM avant de lancer le scan

    0
    1. sese
       
      bonjour

      voici le rapport combofix

      merci

      ComboFix 09-09-21.04 - CWS Leonard 23/09/2009 8:48.5.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.319 [GMT 2:00]
      Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\CCM.exe
      Commutateurs utilisés :: c:\documents and settings\CWS Leonard\Bureau\CFScript.txt
      AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

      FILE ::
      "c:\windows\DUMP5f85.tmpw"
      "c:\windows\system32\drivers\lvuvc.hs"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\drivers\lvuvc.hs

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-23 au 2009-09-23 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-21 15:43 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2009-09-21 15:43 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2009-09-21 15:43 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2009-09-21 15:43 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-09-21 15:43 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2009-09-21 15:43 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-09-21 15:43 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-09-21 15:43 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-09-21 15:43 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
      2009-09-21 07:19 . 2009-09-21 14:27 -------- d-----w- C:\ToolBar SD
      2009-09-18 12:59 . 2009-09-18 12:59 -------- d-----w- C:\rsit
      2009-09-18 12:32 . 2009-09-18 12:38 -------- d-----w- c:\program files\Ad-Remover
      2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
      2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
      2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
      2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
      2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
      2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
      2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
      2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
      2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-23 06:39 . 2004-08-05 12:00 93106 ----a-w- c:\windows\system32\perfh00C.dat
      2009-09-23 06:39 . 2004-08-05 12:00 112666 ----a-w- c:\windows\system32\perfc00C.dat
      2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
      2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
      2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
      2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
      2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
      2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
      2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
      2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
      2009-06-26 16:18 . 2004-08-05 12:00 663552 ------w- c:\windows\system32\wininet.dll
      2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
      2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
      2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
      2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
      2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
      2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
      2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-09-22_15.15.36 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-09-23 07:01 . 2009-09-23 07:01 16384 c:\windows\Temp\Perflib_Perfdata_4b8.dat
      + 2004-08-05 12:00 . 2009-09-23 06:39 92454 c:\windows\system32\perfc009.dat
      + 2004-08-05 12:00 . 2009-09-23 06:39 480016 c:\windows\system32\perfh009.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
      backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "xmlprov"=3 (0x3)
      "WZCSVC"=2 (0x2)
      "WudfSvc"=3 (0x3)
      "wuauserv"=2 (0x2)
      "wscsvc"=2 (0x2)
      "WMPNetworkSvc"=3 (0x3)
      "WmiApSrv"=3 (0x3)
      "WmdmPmSN"=3 (0x3)
      "WinVNC4"=2 (0x2)
      "winmgmt"=2 (0x2)
      "WebClient"=2 (0x2)
      "W32Time"=2 (0x2)
      "VSS"=3 (0x3)
      "UStorage Server Service"=2 (0x2)
      "UPS"=3 (0x3)
      "upnphost"=2 (0x2)
      "TrkWks"=2 (0x2)
      "Themes"=2 (0x2)
      "TermService"=3 (0x3)
      "TapiSrv"=3 (0x3)
      "SysmonLog"=3 (0x3)
      "SwPrv"=3 (0x3)
      "stisvc"=2 (0x2)
      "SSDPSRV"=3 (0x3)
      "srservice"=2 (0x2)
      "Spooler"=2 (0x2)
      "ShellHWDetection"=2 (0x2)
      "SharedAccess"=2 (0x2)
      "SENS"=2 (0x2)
      "seclogon"=2 (0x2)
      "Schedule"=2 (0x2)
      "SCardSvr"=3 (0x3)
      "SCardDrv"=3 (0x3)
      "SamSs"=2 (0x2)
      "RSVP"=3 (0x3)
      "RDSessMgr"=3 (0x3)
      "RasMan"=3 (0x3)
      "RasAuto"=3 (0x3)
      "ProtectedStorage"=2 (0x2)
      "PolicyAgent"=2 (0x2)
      "Pml Driver HPZ12"=2 (0x2)
      "PlugPlay"=2 (0x2)
      "ose"=3 (0x3)
      "NtmsSvc"=3 (0x3)
      "NtLmSsp"=3 (0x3)
      "Nla"=3 (0x3)
      "Netman"=3 (0x3)
      "Netlogon"=3 (0x3)
      "Net Driver HPZ12"=2 (0x2)
      "Nero BackItUp Scheduler 4.0"=2 (0x2)
      "MSIServer"=3 (0x3)
      "MSDTC"=3 (0x3)
      "mnmsrvc"=3 (0x3)
      "MDM"=2 (0x2)
      "LVSrvLauncher"=2 (0x2)
      "LVPrcSrv"=2 (0x2)
      "LmHosts"=2 (0x2)
      "LEC TranslateDotNet Server"=3 (0x3)
      "lanmanworkstation"=2 (0x2)
      "lanmanserver"=2 (0x2)
      "ImapiService"=3 (0x3)
      "HTTPFilter"=3 (0x3)
      "HidServ"=2 (0x2)
      "helpsvc"=2 (0x2)
      "gupdate1c9bf42a4438a2a"=2 (0x2)
      "FastUserSwitchingCompatibility"=3 (0x3)
      "EventSystem"=3 (0x3)
      "Eventlog"=2 (0x2)
      "ERSvc"=2 (0x2)
      "EpsonBidirectionalService"=2 (0x2)
      "Dnscache"=2 (0x2)
      "dmserver"=3 (0x3)
      "dmadmin"=3 (0x3)
      "Dhcp"=2 (0x2)
      "CryptSvc"=2 (0x2)
      "COMSysApp"=3 (0x3)
      "clr_optimization_v2.0.50727_32"=3 (0x3)
      "CiSvc"=3 (0x3)
      "Browser"=2 (0x2)
      "BITS"=3 (0x3)
      "avast! Web Scanner"=3 (0x3)
      "avast! Mail Scanner"=3 (0x3)
      "avast! Antivirus"=2 (0x2)
      "AudioSrv"=2 (0x2)
      "aswUpdSv"=2 (0x2)
      "aspnet_state"=3 (0x3)
      "AppMgmt"=3 (0x3)
      "ALG"=3 (0x3)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17601:TCP"= 17601:TCP:BitComet 17601 TCP
      "17601:UDP"= 17601:UDP:BitComet 17601 UDP
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/09/2009 17:43 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/09/2009 17:43 20560]
      R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
      S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      Contenu du dossier 'Tâches planifiées'

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

      2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
      .
      .
      ------- Examen supplémentaire -------
      .
      mWindow Title =
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
      IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
      TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.search.selectedEngine - DAEMON Search
      FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-23 09:01
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker3"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(1488)
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\windows\system32\wbem\wmiadap.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-09-23 9:05 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-09-23 07:05
      ComboFix2.txt 2009-09-22 15:17
      ComboFix3.txt 2009-09-22 15:10

      Avant-CF: 111.722.262.528 octets libres
      Après-CF: 111.738.003.456 octets libres

      Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
      293 --- E O F --- 2009-09-23 06:41
      0