Sujet Précédent Sujet Suivant

Un autre PC verollé

Fermé
sese - 17 sept. 2009 à 16:19
 sese - 23 sept. 2009 à 09:16
Bonjour,

comme vous l'indique mon titre nous avons un autre PC qui semble tres infecté

le seul moyen pour pouvoir faire quoi que ce soit a été de le redemarrer en mode diagnostic (mode sans echec impossible!!!!)

j'ai enfin reussi a lui installer AVAST

voici les rapports malwarebytes avant blocage et hijackthis fait en mode diagnostic (impossible de le faire autrement) :

merci d'avance pour votre aide


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2809
Windows 5.1.2600 Service Pack 2

16/09/2009 11:19:53
mbam-log-2009-09-16 (11-19-53).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 141767
Temps écoulé: 26 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\kbiwkmabdpybiq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\\?\globalroot\systemroot\system32\kbiwkmabdpybiq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmabdpybiq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmjnptjkvt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmqoirqvov.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmwsklypni.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\kbiwkmsielixjkyi.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\CWS Leonard\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CWS Leonard\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CWS Leonard\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\CWS Leonard\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmjcxiwwow.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmmpjyutpb.dat (Rootkit.TDSS) -> Delete on reboot.

*************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:47, on 17/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\CWS Leonard\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39}: NameServer = 192.168.2.1
O18 - Protocol: bw+0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
A voir également:

15 réponses

Réponse 1 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
17 sept. 2009 à 16:24
Salut,

Supprime la quarantaine de Malwarebytes et redémarre le pc

--> onglet "quarantaine -->supprime tout

---------------------

Télécharge et installe ccleaner

- Durant l'installation, décoche la case proposant la barre d'outils yahoo et celle : " ajouter l'option des mises à jour"

- Une fois installé, fermes toutes les applications en cours et lance ccleaner

- clic -->>option -->> avancé et décoche " effacer les fichiers etc... plus vieux que 48h

- Sélectionne " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme...

---------------------------

Télécharge Combofix et enregistres le sur ton bureau


/!\ Désactives la garde ton antivirus /!\


- Déconnecte toi et ferme toutes les applications en cours

- Double clic sur Combofix.exe >> un message apparait > réponds " oui "

- ( Il est conseillé d'installer la console de récupérations)

- Sélectionnes la langue et presse la touche 1 ( yes) pour lancer le scan

/!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\

- A la fin du scan, Combofix aura besoin de redémarrer pour finir la désinfection, laisse le faire

- Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt

Tutoriel et guide officiel Combofix
0
sese
17 sept. 2009 à 17:06
Merci beaucoup pour cette réponse rapide

voici le rapport Combofix

ComboFix 09-09-16.05 - CWS Leonard 17/09/2009 16:48.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.162 [GMT 2:00]
Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CWS Leonard\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\CWS Leonard\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\Installer\1cdeac0.msp
c:\windows\Installer\1eb72a5.msp
c:\windows\Installer\201e064.msp
c:\windows\Installer\201e078.msp
c:\windows\Installer\343f5.msp
c:\windows\Installer\3da643c.msp
c:\windows\Installer\4e96a.msi
c:\windows\Installer\53be2b.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\str.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmrxfumupx
-------\Service_kbiwkmrxfumupx


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))
.

2009-09-16 14:55 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-16 14:55 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-16 14:55 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-16 14:54 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-16 14:54 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-16 14:54 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-16 14:54 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-16 14:54 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-16 14:52 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 14:50 . 2004-08-05 12:00 90082 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-17 14:50 . 2004-08-05 12:00 111482 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
2009-08-17 06:49 . 2009-01-13 17:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-14 09:48 . 2009-03-02 12:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
2009-06-26 16:18 . 2004-08-05 12:00 663552 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:34 . 2004-08-05 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinVNC4"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UStorage Server Service"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"Stormser"=2 (0x2)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LmHosts"=2 (0x2)
"LEC TranslateDotNet Server"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gupdate1c9bf42a4438a2a"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17601:TCP"= 17601:TCP:BitComet 17601 TCP
"17601:UDP"= 17601:UDP:BitComet 17601 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/09/2009 16:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/09/2009 16:54 20560]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
S2 spzdgkssbmj;spzdgkssbmj;\??\c:\windows\system32\drivers\ntnnnucniqx.sys --> c:\windows\system32\drivers\ntnnnucniqx.sys [?]
S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]
S4 Stormser;Stormser;c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe --> c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st/
mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 16:54
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1604)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
c:\6020aec6bc32c7f333\dotnetfx35setup.exe
c:\c65acef301beab0b4823ad5396e338\setup.exe
.
**************************************************************************
.
Heure de fin: 2009-09-17 16:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-17 14:59

Avant-CF: 112.009.699.328 octets libres
Après-CF: 111.706.599.424 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
314 --- E O F --- 2009-09-10 08:16
0
Réponse 2 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
17 sept. 2009 à 18:24
- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes :


KILLALL::

Driver::
spzdgkssbmj
Stormser

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] 
"Stormser"=-  

File::
c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe
c:\windows\system32\drivers\ntnnnucniqx.sys



- Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)

- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).

- Désactive ton antivirus et tes autres protections résidentes.

- Fais un glissé/déposé de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image

( Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).

- Cela va relancer Combofix

- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !

- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !

- Une fois le scan achevé, un rapport va s'afficher: poste le stp.

--------------------------------
0
sese
18 sept. 2009 à 13:26
bonjour

voici le dernier rapport demandé

ComboFix 09-09-17.04 - CWS Leonard 18/09/2009 11:55.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.254 [GMT 2:00]
Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CWS Leonard\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe"
"c:\windows\system32\drivers\ntnnnucniqx.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPZDGKSSBMJ
-------\Legacy_STORMSER
-------\Service_spzdgkssbmj
-------\Service_Stormser


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-18 au 2009-09-18 ))))))))))))))))))))))))))))))))))))
.

2009-09-16 14:55 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-16 14:55 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-16 14:55 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-16 14:54 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-16 14:54 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-16 14:54 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-16 14:54 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-16 14:54 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-16 14:52 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 09:54 . 2004-08-05 12:00 90838 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-18 09:54 . 2004-08-05 12:00 111778 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
2009-08-17 06:49 . 2009-01-13 17:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-14 09:48 . 2009-03-02 12:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
2009-06-26 16:18 . 2004-08-05 12:00 663552 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:34 . 2004-08-05 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-17_14.54.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-18 09:50 . 2009-09-18 09:50 16384 c:\windows\Temp\Perflib_Perfdata_484.dat
+ 2009-09-18 10:28 . 2009-09-18 10:28 16384 c:\windows\Temp\Perflib_Perfdata_480.dat
- 2009-09-17 14:53 . 2009-09-17 14:53 16384 c:\windows\Temp\Perflib_Perfdata_480.dat
+ 2004-08-05 12:00 . 2009-09-18 09:54 91758 c:\windows\system32\perfc009.dat
+ 2004-08-05 12:00 . 2009-09-18 09:54 478168 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinVNC4"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UStorage Server Service"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LmHosts"=2 (0x2)
"LEC TranslateDotNet Server"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gupdate1c9bf42a4438a2a"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17601:TCP"= 17601:TCP:BitComet 17601 TCP
"17601:UDP"= 17601:UDP:BitComet 17601 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/09/2009 16:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/09/2009 16:54 20560]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st/
mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 12:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(596)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2009-09-18 12:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-18 10:32
ComboFix2.txt 2009-09-17 14:59

Avant-CF: 111.652.544.512 octets libres
Après-CF: 111.750.508.544 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
300 --- E O F --- 2009-09-18 09:52
0
Réponse 3 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
18 sept. 2009 à 14:21
♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :


♦ Déconnecte toi et ferme toutes applications en cours !

♦ Double-clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

♦ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

♦ Au menu principal choisis l'option "L" et tape sur [entrée] .

♦ Laisse travailler l'outil et ne touche à rien ...

♦ Un rapport est généré, postes le stp

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )


♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
sese
18 sept. 2009 à 14:41
Bonjour

voici le rapport Ad-Remover

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_V | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 15/09/2009 à 10:00 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:32:24, 18/09/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: LEONARD | Utilisateur actuel: CWS Leonard
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Trymedia Systems
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{08165EA0-E946-11CF-9C87-00AA005127ED}
HKLM\Software\Classes\CLSID\{8A60B490-CFA0-4D00-AFC8-8E350F660061}
.
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\db
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\host.cyp
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo\user.cyp
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 *
.
Nom du profil: cqjqjxfy.default (CWS Leonard)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Yahoo");
(Prefs.js) user_pref("browser.search.selectedEngine", "DAEMON Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
.
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3821 Octet(s) - C:\Ad-Report-CLEAN.log
.
1 Fichier(s) - C:\DOCUME~1\CWSLEO~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
8 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 14:38:35 | 18/09/2009
.
============== E.O.F ==============
.
0
Réponse 4 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
18 sept. 2009 à 14:49
- Met un coup de ccleaner >> nettoyage
Puis, clique sur " Registre " -->" Chercher des erreurs " --> " corriger les erreurs "
--> Recommence l'opération jusqu'à 0 erreur --> réponds Non à la sauvegarde

------------------------------
Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

- Fermes toutes les applications en cours et double clic sur RSIT.exe
- Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
- Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches
- Postes le contenu des 2 rapports
0
sese
18 sept. 2009 à 14:57
bonjour en faisant le nettoyage de regitre je n'arrive pas a supprimer 2 ligne (essai 5 fois)

je lance tout de meme RSIT et je reviens
0
sese
18 sept. 2009 à 15:03
voici donc les 2 rapports

Logfile of random's system information tool 1.06 (written by random/random)
Run by CWS Leonard at 2009-09-18 14:59:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 510 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:48, on 18/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\CWS Leonard\Bureau\RSIT.exe
C:\Documents and Settings\CWS Leonard\Bureau\CWS Leonard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39}: NameServer = 192.168.2.1
O18 - Protocol: bw+0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8CE73396-E7A3-4055-9E08-5F7509895531} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
freelog Messages postés 2067 Date d'inscription vendredi 12 octobre 2007 Statut Membre Dernière intervention 16 avril 2011 130
18 sept. 2009 à 14:53
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo
0
Réponse 6 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
18 sept. 2009 à 14:57
C:\Documents and Settings\CWS Leonard\Application Data\EoRezo

--> Et alors ?
0
Réponse 7 / 15
freelog Messages postés 2067 Date d'inscription vendredi 12 octobre 2007 Statut Membre Dernière intervention 16 avril 2011 130
18 sept. 2009 à 14:58
désolé Eorozo y a truc pour le virer
mais je me mèle de ce qui me rgarde pas
c'est plus fort que moi
0
Réponse 8 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
19 sept. 2009 à 10:42
Bonjour,

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

• Lance l'installation du programme en exécutant le fichier téléchargé.
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)
0
sese
21 sept. 2009 à 09:23
bonjour

voici le rapport toolbar
merci
sese


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Version 5.00 R1.04-01.1826
USER : CWS Leonard ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 090920-0] 4.8.1351 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:103 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 21/09/2009| 9:20 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(CWS Leonard) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2009| 9:21 - Option : [1]

-----------\\ Fin du rapport a 9:21:47,18
0
Réponse 9 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
21 sept. 2009 à 15:51
Salut,

Relance ToolbarSD et choisis l'option2 (suppression)

--> laisse l'outil travailler et ne ferme aucune fenêtre

--> Un rapport sera généré, poste le stp

Note : le rapport est également à C:\TB.txt
0
sese
21 sept. 2009 à 16:29
merci

voici le second rapport


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Version 5.00 R1.04-01.1826
USER : CWS Leonard ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 090920-0] 4.8.1351 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:104 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 21/09/2009|16:26 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(CWS Leonard) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2009| 9:21 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 21/09/2009|16:27 - Option : [2]

-----------\\ Fin du rapport a 16:27:57,37
0
Réponse 10 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
21 sept. 2009 à 16:43
Très bien,

- Je te conseille de changer d'antivirus car Avast n'est plus l'antivirus qu'il était, supprimes Avast à partir du panneau de conf--> ajouter/supprimer un programme
Désactive le résident avant de lancer la désinstallation --> clic-droit sur l'icône d'Avast en bas à droite

Télécharge Avira antivir

Sers-toi de ce tutoriel pour l'installer correctement


* Installe Antivir et mets-le à jour.
* Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.
* Dans Antivir, choisis Outils puis Configuration.
* Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

Une fois à jour et paramétré, redémarre le pc en " Mode sans échec " :

- Au démarrage de l'ordi, tapotes sur la touche F8 ou F5 de ton clavier ( juste après le bip du bios et avant l'apparition du logo " Windows ")
- Un écran avec plusieurs choix apparaitra, sélectionne à l'aide des flèches du clavier, le mode sans échec et valides avec la touche " Entrée "

- Une fois en mode sans échec, lance un scan et poste le rapport généré à la fin stp.
0
Réponse 11 / 15
sese
21 sept. 2009 à 17:39
bonjour

impossible d'installer antivir!!!! (je suis actuellement en mode DIAG car impossible de travailler en mode normal)

il me fait l'extraction ensuite il y a le message " installation en cours de preparation" puis plus rien
je remets avast en attendant pour eviter les mauvaises surprises
0
Réponse 12 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
21 sept. 2009 à 18:15
Télécharge gmer sur le bureau et dézippe-le (clic droit et extraire ici) :
http://www2.gmer.net/gmer.zip

* Double-clique sur gmer.exe sur le bureau. Si ton antivirus réagit, ne t'inquiète pas et ignore l'alerte.
* Clique sur l'onglet "rootkit", puis clique sur scan.
* A la fin du scan, clique sur le bouton copy.
* Dans démarrer>programmes>accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
* poste le rapport stp ...
0
sese
22 sept. 2009 à 09:25
bonjour

voici le rapport Gmer


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx@imagepath \systemroot\system32\drivers\kbiwkmwsklypni.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\injector@* kbiwkmwsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmwsklypni.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmqoirqvov.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmmpjyutpb.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjnptjkvt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkm.dat \systemroot\system32\kbiwkmjcxiwwow.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmrxfumupx\modules@kbiwkmwsp8.dll \systemroot\system32\kbiwkmabdpybiq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x62 0x12 0x84 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xF0 0x9B 0x09 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x1D 0xE0 0x56 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
0
Réponse 13 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
22 sept. 2009 à 14:00
Salut,

Le rootkit est de retour, on va essayer une méthode qui devrait permettre de le virer avec Malwarebytes :

* Télécharge Rootrepeal
* Dézippe-le sur le Bureau (Fais un clic droit sur l'archive et choisis extraire vers> Bureau),
* Double-clique sur Rootrepeal.exe
* Clique sur l'onglet File et choisis Scan. L'analyse peut durer quelques minutes,
* Clique sur "Save report". Enregistre le rapport sur le Bureau en lui donnant le nom Rootrepeal.txt,
* Ouvre ce rapport, fais CTRL+A pour tout sélectionner, CTRL+C pour copier son contenu, CTRL+V pour coller ce rapport dans ta prochaine réponse,



*Au cas où le rapport serait trop long, utilises cijoint pour le poster : http://www.cijoint.fr/

Cliques sur <Parcourir> et cherche le fichier C:

Cliques sur <Ouvrir>.

Cliques sur "Cliquez ici pour déposer le fichier".

Un lien présenté sous cette forme ( ci-dessous) sera généré :

hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijWLET7cO.txt

Copie celui-ci dans ta réponse.
0
sese
22 sept. 2009 à 15:04
bonjour

voici le rapport Rootpeal

http://www.cijoint.fr/cjlink.php?file=cj200909/cijtA7q3cy.txt

merci
0
Réponse 14 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
22 sept. 2009 à 16:13
Mouais, on va faire autrement,

Dans l'ordre :

1°) Supprimes la version de combofix sur ton bureau :

Clique sur Démarrer puis Exécuter. Tapes combofix /u dans la zone de saisie puis OK.
- ( il y a un espace entre combofix et /u)

--> Supprime C:\qoobox

2°) Télécharge Combofix en prenant soin de le renommer ( c'est important)

Regarde là en cas de difficulté : renommer Combofix au téléchargement


* Fais un clic droit ici
* Choisir : Enregistrer la cible du lien sous
* Choisir le Bureau comme destination.
* Dans le champ "Nom du fichier", renommer ComboFix.exe en CCM.exe par exemple, puis enregistrez.
* Déconnecte-toi d'Internet et ferme toutes les applications et programmes.
* Désactive tes défenses ( antivirus, antispyware...)
* Double-clique sur CCM.exe pour lancer le fix
* Accepte le message d'avertissement et accepte l'installation de la Console de récupération.
* Le rapport sera créé sous la racine : C:\Combofix.txt , poste le stp
0
sese
22 sept. 2009 à 17:35
voici donc le rapport

ComboFix 09-09-21.04 - CWS Leonard 22/09/2009 17:12.4.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.247 [GMT 2:00]
Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\CCM.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-22 au 2009-09-22 ))))))))))))))))))))))))))))))))))))
.

2009-09-21 15:43 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-21 15:43 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-21 15:43 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-21 15:43 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-21 15:43 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-21 15:43 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-21 15:43 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-21 15:43 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-21 15:43 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-21 07:19 . 2009-09-21 14:27 -------- d-----w- C:\ToolBar SD
2009-09-18 12:59 . 2009-09-18 12:59 -------- d-----w- C:\rsit
2009-09-18 12:32 . 2009-09-18 12:38 -------- d-----w- c:\program files\Ad-Remover
2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 06:50 . 2004-08-05 12:00 92728 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-22 06:50 . 2004-08-05 12:00 112518 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
2009-08-14 09:48 . 2009-03-02 12:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
2009-06-26 16:18 . 2004-08-05 12:00 663552 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinVNC4"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UStorage Server Service"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LmHosts"=2 (0x2)
"LEC TranslateDotNet Server"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gupdate1c9bf42a4438a2a"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17601:TCP"= 17601:TCP:BitComet 17601 TCP
"17601:UDP"= 17601:UDP:BitComet 17601 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/09/2009 17:43 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/09/2009 17:43 20560]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
*NewlyCreated* - UFRDAPOG
*Deregistered* - ufrdapog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 17:15
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-09-22 17:17
ComboFix-quarantined-files.txt 2009-09-22 15:16
ComboFix2.txt 2009-09-22 15:10

Avant-CF: 111.787.540.480 octets libres
Après-CF: 111.773.093.888 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
276 --- E O F --- 2009-09-18 09:52
0
Réponse 15 / 15
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 571
22 sept. 2009 à 19:10
- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes :


KILLALL::

File::
c:\windows\system32\drivers\lvuvc.hs 
c:\windows\DUMP5f85.tmpw


- Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)

- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).

- Désactive ton antivirus et tes autres protections résidentes.

- Fais un glissé/déposé de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image

( Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).

- Cela va relancer Combofix

- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !

- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !

- Une fois le scan achevé, un rapport va s'afficher: poste le stp.

Puis relances un scan rapide avec Malwarebytes et poste le rapport stp

Edit : Mets à jour MBAM avant de lancer le scan

0
sese
23 sept. 2009 à 09:16
bonjour

voici le rapport combofix

merci

ComboFix 09-09-21.04 - CWS Leonard 23/09/2009 8:48.5.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.319 [GMT 2:00]
Lancé depuis: c:\documents and settings\CWS Leonard\Bureau\CCM.exe
Commutateurs utilisés :: c:\documents and settings\CWS Leonard\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\DUMP5f85.tmpw"
"c:\windows\system32\drivers\lvuvc.hs"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-23 au 2009-09-23 ))))))))))))))))))))))))))))))))))))
.

2009-09-21 15:43 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-21 15:43 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-21 15:43 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-21 15:43 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-21 15:43 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-21 15:43 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-21 15:43 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-21 15:43 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-21 15:43 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-21 07:19 . 2009-09-21 14:27 -------- d-----w- C:\ToolBar SD
2009-09-18 12:59 . 2009-09-18 12:59 -------- d-----w- C:\rsit
2009-09-18 12:32 . 2009-09-18 12:38 -------- d-----w- c:\program files\Ad-Remover
2009-09-16 14:52 . 2009-09-16 14:52 -------- d-----w- c:\program files\Alwil Software
2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Malwarebytes
2009-09-16 08:51 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 08:50 . 2009-09-16 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 08:50 . 2009-09-16 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 14:50 . 2009-09-15 14:54 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-15 14:06 . 2009-09-15 14:06 -------- d-----w- c:\documents and settings\CWS Leonard\Tracing
2009-09-15 14:03 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-15 13:57 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-15 13:55 . 2009-09-15 14:03 -------- d-----w- c:\program files\Microsoft
2009-09-15 13:55 . 2009-09-15 13:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 13:55 . 2009-09-15 14:49 -------- d-----w- c:\program files\Windows Live
2009-09-15 13:49 . 2009-09-15 13:49 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 06:39 . 2004-08-05 12:00 93106 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-23 06:39 . 2004-08-05 12:00 112666 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-15 14:06 . 2007-05-29 09:53 64576 ----a-w- c:\documents and settings\CWS Leonard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 13:58 . 2007-07-30 09:02 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-10 07:51 . 2008-12-15 08:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 13:16 . 2008-07-23 14:57 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\uTorrent
2009-08-26 08:12 . 2009-07-09 14:46 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\vlc
2009-08-11 16:28 . 2008-07-28 12:30 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\dvdcss
2009-08-10 06:57 . 2009-03-02 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 15:54 . 2009-07-23 09:04 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Image Zone Express
2009-08-05 12:25 . 2006-12-18 23:10 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\Skype
2009-08-05 12:23 . 2009-03-09 14:22 -------- d-----w- c:\documents and settings\CWS Leonard\Application Data\skypePM
2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:27 . 2006-12-18 19:06 98304 ----a-w- c:\windows\DUMP5f85.tmp
2009-06-26 16:18 . 2004-08-05 12:00 663552 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:44 . 2004-08-05 12:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_15.15.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-23 07:01 . 2009-09-23 07:01 16384 c:\windows\Temp\Perflib_Perfdata_4b8.dat
+ 2004-08-05 12:00 . 2009-09-23 06:39 92454 c:\windows\system32\perfc009.dat
+ 2004-08-05 12:00 . 2009-09-23 06:39 480016 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinVNC4"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UStorage Server Service"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LmHosts"=2 (0x2)
"LEC TranslateDotNet Server"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gupdate1c9bf42a4438a2a"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17601:TCP"= 17601:TCP:BitComet 17601 TCP
"17601:UDP"= 17601:UDP:BitComet 17601 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/09/2009 17:43 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/09/2009 17:43 20560]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [18/12/2006 20:38 362688]
S4 gupdate1c9bf42a4438a2a;Service Google Update (gupdate1c9bf42a4438a2a);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:55 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 09:55]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4f1088bafcc04244a459a68904098d0a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4f1088bafcc04244a459a68904098d0a
TCP: {276FEDDC-CAF9-4FB1-83CA-F0BCEFC86E39} = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\CWS Leonard\Application Data\Mozilla\Firefox\Profiles\cqjqjxfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 09:01
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Heure de fin: 2009-09-23 9:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-23 07:05
ComboFix2.txt 2009-09-22 15:17
ComboFix3.txt 2009-09-22 15:10

Avant-CF: 111.722.262.528 octets libres
Après-CF: 111.738.003.456 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
293 --- E O F --- 2009-09-23 06:41
0