infection à l'horizon :( Résolu/Fermé

Question

Bonjour,
 eh oui, comme beaucoup d'entre vous je vous envoies mon rapport non pas de mon budget ,mais d'un hijackthis :) ... j'ai besoin de vos bons conseils...mon système est rendu sous windows xp , , il est rendu très très lent, mon anti-virus avast edition familial à detecté 3 virus ainsi que 4 cheval de troies, j'ai même effectué un smitfraudfix , mais tjrs là...(dsl je veux trop en dire lolll .. ) je vous envoie mon rapport pour commencer... ;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:18:58, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3934F86C-2D84-4EAF-9065-65322C1AFE25} - (no file)
O2 - BHO: (no name) - {58FF5B3A-2CF6-4B72-919A-AE590AA7890D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {291a47de-2140-24e9-1124-71d8f83cb32f} - {f23bc38f-8d17-4211-9e42-0412ed74a192} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Choisir comme avatar pour &Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bw+0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddcbxww - C:\WINDOWS\
O20 - Winlogon Notify: qomliii - qomliii.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Utilisateur anonyme · Answer

Bonjour, Alors, oui tu es encore infecté. Désinstalle Desktop Messenger de Logitech via le panneau ajout/suppression de programme. Ensuite, On fait un gros nettoyage : > Les logiciels suivants (MalwareByte's Anti-Malware et Ccleaner) te seront utiles par la suite - ils sont à conserver... > Télécharge MalwareByte's Anti-Malware : - Installe le programme puis lance le stp. NB : S'il te manque COMCTL32.OCX alors télécharge le ici - Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour") puis ferme le programme. NB : Si tu as besoin : Tuto > Télécharge et installe Ccleaner : - Fais les mises à jour puis ferme le programme. Si besoin est tu trouveras des Tutoriaux : ici, ici et là. > Télécharge Clean (de Malekal Morte) (différent de Ccleaner) > Télécharge SDFix (de AndyManchesta) sur ton bureau : - Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix. Ferme ensuite le programme. > Commence par faire un copier/coller de ce poste (cette manip.): (conseillé) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"), puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte. Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec. > Démarre en mode sans échec : (image). Si problème : tuto ici > Lance MalwareByte's Anti-Malware, - Clique sur "Executer un examen complet" puis "Rechercher" et sélectionne tous tes disques durs => le scan débute....patiente... - A la fin du scanne, clique sur "supprimer" (Si des éléments sont difficiles à supprimer, un message te demandera de redémarrer : clique sur "Oui" alors) - après suppression des infections : un rapport va être généré : sauvegarde le et poste le sur forum. > Lance Ccleaner, - Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé). - Dans l'onglet "Nettoyeur" clique sur "Analyse". - Une fois l'analyse terminée, clique sur "Lancer le Nettoyage". - Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer. N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau' Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois). > Pour Clean (encore en mode sans échec) : - Double-clic sur clean.cmd - Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean (Le rapport clean se trouve ici : C:\rapport_clean.txt) NB : Si besoin : Tuto > Pour SDFix (toujours en mode sans échec) : - Vas dans c:/SDFix et double-clique sur RunThis.bat - Appuie sur < Y > puis < Entrée >....Le nettoyage commence....patience... - Le programme va te demander de relancer le PC, frappe une touche... - Le nettoyage se termine...un rapport apparait... -Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse > Relance ton PC en mode normal > Relance Hijackthis : Puis sélectionne < do a system scan and save a logfile >, Et envoie moi, par collier/coller, ton log Hijackthis, Bon courage, :) NB : N'oublie pas de poster TOUS les rapports stp ( MalwareByte's Anti-Malware, Clean (différent de Ccleaner - ne poste pas celui de Ccleaner), SDFix puis HiJAckT). A+

Utilisateur anonyme · Answer

Bonsoir,
Je suis de retour.

Alors :
Peux tu faire ceci stp ? (j'ai l'impression qu'il reste des fichiers infectieux dans ton PC).

> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.


Après on termine.

Comment va le PC ?


A+

ticlaine · Answer

hé hé ! bon matin DIID... bon je dois t'avouer que j'avais déjà fais un combofix avant que tu me le demandes , un ancien copain(en informatique..) m'avait déjà donné ce programme à faire que j'ai remis la main dessus ... sans trop connaître parcontre tous ce que ça peut faire :(... ( je sais , c'est pour les pros ... ! loll ) mais bon ! je t'envoies le log ! j'y connais rien.... lolll et merci encore ... pour ce qui est de mon ordi , elle est plus rapide mais hier j'ai parti un scan adware et déjà après 5 min. 4 infections... j'ai arrêté le scan au cas ou le virus serait dans ce programme.... j'attends de tes nouvelles ComboFix 08-06-20.4 - guillaine 2008-06-29 14:15:07.3 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.232 [GMT -4:00] Endroit: C:\Documents and Settings\guillaine.HOME-6620B39EBF\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\BM335ac9bc.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\acbeg.ini C:\WINDOWS\system32\acbeg.ini2 C:\WINDOWS\system32 qtss.ini C:\WINDOWS\system32 qtss.ini2 C:\WINDOWS\system32\stvwa.ini C:\WINDOWS\system32\stvwa.ini2 C:\WINDOWS\system32 tutv.ini C:\WINDOWS\system32 tutv.ini2 C:\WINDOWS\system32\vycdd.ini C:\WINDOWS\system32\vycdd.ini2 . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))))))) . 2008-06-29 09:38 . 2008-06-29 10:04 134,290,536 --a------ C:\Program Files\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe 2008-06-26 12:51 . 2008-06-26 16:09 51,755 --a------ C:\lucmp3.nr3 2008-06-22 10:38 . 2008-06-22 10:38 36,544 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-06-22 10:25 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-22 10:25 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-20 07:19 . 2008-06-22 10:25 d-------- C:\Program Files\Picasa2 2008-06-20 07:17 . 2008-06-20 07:18 4,909,136 --a------ C:\Program Files\picasa2Setup.exe 2008-06-15 16:41 . 2008-06-15 16:42 d-------- C:\Documents and Settings\enfants\Application Data\OpenOffice.org2 2008-06-13 07:09 . 2008-06-13 07:09 d-------- C:\WINDOWS\system32\bits 2008-06-13 07:05 . 2007-03-29 08:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll 2008-06-13 07:05 . 2007-03-29 08:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll 2008-06-10 23:54 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 23:54 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-04 07:32 . 2008-06-04 07:32 1,534,464 --a------ C:\Program Files\siw.exe 2008-06-03 19:03 . 2008-06-03 19:03 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech 2008-06-01 14:17 . 2008-06-01 14:17 1,491,365 --a------ C:\Program Files\wlm.exe 2008-06-01 13:45 . 2008-06-01 13:45 d-------- C:\Documents and Settings\enfants\Application Data\GlarySoft . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 14:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\OpenOffice.org2 2008-06-29 14:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files 2008-06-29 13:34 --------- d-----w C:\Program Files\Windows Defender 2008-06-29 12:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-06-29 12:10 --------- d-----w C:\Program Files\Java 2008-06-27 04:04 --------- d-----r C:\Program Files\EClea2_0 2008-06-27 03:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\LimeWire 2008-06-27 03:59 --------- d-----w C:\Documents and Settings\enfants\Application Data\LimeWire 2008-06-26 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-24 10:56 --------- d-----w C:\Program Files\MesPolices10 2008-06-15 21:51 --------- d-----w C:\Documents and Settings\enfants\Application Data\Arcsoft 2008-06-15 06:51 --------- d-----w C:\Program Files\Circle Developement 2008-06-15 06:51 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\programidle 2008-06-15 06:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Frag great bend logo 2008-06-14 23:40 2,402,832 ----a-w C:\Program Files\WLinstaller.exe 2008-06-14 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-06-04 14:06 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ESTsoft 2008-06-03 23:04 --------- d-----w C:\Program Files\Fichiers communs\Logishrd 2008-06-03 23:03 --------- d-----w C:\Program Files\Logitech 2008-06-03 23:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd 2008-06-01 00:18 --------- d-----w C:\Program Files\LimeWire 2008-05-28 11:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-28 11:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-05-28 11:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-27 14:47 --------- d-----w C:\Program Files\ESTsoft 2008-05-27 14:41 19,153,264 ----a-w C:\Program Files\Lavasoft_Adaware_multi.exe 2008-05-24 01:22 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Apple Computer 2008-05-22 13:32 2,869,264 ----a-w C:\Program Files\dotNetFx35setup.exe 2008-05-21 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-05-21 12:12 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Malwarebytes 2008-05-21 12:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-19 16:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\DisplayTune 2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Logitech 2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Grisoft 2008-05-14 22:44 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ArcSoft 2008-05-13 13:24 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Logitech 2008-05-12 20:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-05-12 20:16 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-05-12 20:16 --------- d-----r C:\Program Files\Creative 2008-05-12 19:34 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\GlarySoft 2008-05-09 21:09 --------- d-----w C:\Program Files\ANI 2008-05-09 21:08 --------- d-----w C:\Program Files\D-Link 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers mcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-05 11:15 --------- d-----r C:\Program Files\Panasonic 2008-05-05 11:07 --------- d-----r C:\Program Files\Alwil Software 2008-05-05 04:47 --------- d-----w C:\Documents and Settings\Marie\Application Data\Bell 2008-05-03 00:38 --------- d-----w C:\Documents and Settings\enfants\Application Data\Bell 2008-04-29 19:54 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-29 13:20 27,100,264 -c--a-w C:\Program Files\PowerPointViewer.exe 2008-04-28 15:53 --------- d-----w C:\Program Files\Incomplete 2008-04-28 15:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Calendrier Xtra 2008-04-28 15:53 --------- d-----w C:\Documents and Settings\enfants\Application Data\Chessmaster Challenge 2008-04-28 13:43 --------- d-----w C:\Program Files\Windows Installer Clean Up 2008-04-28 13:43 --------- d-----w C:\Program Files\MSECache 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-20 20:30 1,338,384 -c--a-w C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe 2008-04-20 19:51 2,517 -c--a-w C:\Program Files\INSTALL.LOG 2008-04-08 06:52 119,479,710 -c--a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_fr.exe 2008-04-08 06:27 1,664,591 -c--a-w C:\Program Files\pf-setup.exe 2008-04-05 16:33 9,309,624 -c--a-w C:\Program Files\Shockwave_Installer_Full.exe 2008-04-04 14:15 46,391,264 -c--a-w C:\Program Files\8-3_xp32_dd_ccc_wdm_enu_59746.exe 2008-04-03 23:50 57,144,896 -c--a-w C:\Program Files\setpoint440.exe 2008-04-02 17:45 2,751,368 -c--a-w C:\Program Files\ccsetup206.exe 2008-03-23 01:01 9,722,720 -c--a-w C:\Program Files\spybotsd152.exe 2008-03-21 14:38 8,161,400 -c--a-w C:\Program Files\Windows-KB890830-V1.39.exe 2008-03-09 14:21 407,680 -c--a-w C:\Program Files\aswclnr.exe 2008-02-25 15:15 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe 2008-02-25 15:11 881,192 -c--a-w C:\Program Files\WGAPluginInstall.exe 2008-02-24 01:22 1,491,592 -c--a-w C:\Program Files\install_flash_player.exe 2008-02-17 17:42 1,729 -c--a-w C:\Program Files\Adobe Reader 8.lnk 2008-02-12 16:50 95 -csh--w C:\Program Files\desktop.ini 2008-02-12 16:50 15,086 -csh--w C:\Program Files\ShedkoFolderico3_0627.ico 2007-12-09 00:04 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe 2002-06-04 09:06 65,536 -c--a-w C:\WINDOWS\inf\copyinf.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3934F86C-2D84-4EAF-9065-65322C1AFE25}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58FF5B3A-2CF6-4B72-919A-AE590AA7890D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f23bc38f-8d17-4211-9e42-0412ed74a192}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] C:\Documents and Settings\guillaine.HOME-6620B39EBF\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ddcbxww] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\qomliii] qomliii.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service] --a------ 2008-05-28 11:05 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] --a--c--- 2007-11-13 15:24 72192 C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a--c--- 2001-09-04 04:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a--c--- 2004-02-24 22:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp] --a--c--- 2007-11-19 10:33 1468928 C:\Program Files\BellCanada\McciTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-05 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320] --a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a--c--- 2004-08-05 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-05-11 08:43 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a--c--- 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a--c--- 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] --a--c--- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "WinDefend"=2 (0x2) "usnjsvc"=3 (0x3) "SPTISRV"=3 (0x3) "SoundMAX Agent Service (default)"=2 (0x2) "PACSPTISVR"=3 (0x3) "MSCSPTISRV"=3 (0x3) "McciCMService"=2 (0x2) "LVSrvLauncher"=2 (0x2) "LVPrcSrv"=2 (0x2) "LVCOMSer"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "DTSRVC"=2 (0x2) "CTDevice_Srv"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "aswUpdSv"=2 (0x2) "Apple Mobile Device"=2 (0x2) "ANIWZCSdService"=2 (0x2) "ACDaemon"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-disabled] "D-Link Wireless G WDA-1320"=C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\iTunes\iTunes.exe"= S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 15:00] S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 05:50] S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [] S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51] S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51] S4 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-11-14 13:04] S4 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-11-01 11:59] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-29 14:16:50 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Temps d'accomplissement: 2008-06-29 14:19:36 ComboFix-quarantined-files.txt 2008-06-29 18:18:33 Pre-Run: 62,989,586,432 octets libres Post-Run: 62,975,143,936 octets libres 272 --- E O F --- 2008-06-26 11:25:56 ComboFix 08-06-20.4 - guillaine 2008-06-29 14:15:07.3 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.232 [GMT -4:00] Endroit: C:\Documents and Settings\guillaine.HOME-6620B39EBF\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\BM335ac9bc.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\acbeg.ini C:\WINDOWS\system32\acbeg.ini2 C:\WINDOWS\system32 qtss.ini C:\WINDOWS\system32 qtss.ini2 C:\WINDOWS\system32\stvwa.ini C:\WINDOWS\system32\stvwa.ini2 C:\WINDOWS\system32 tutv.ini C:\WINDOWS\system32 tutv.ini2 C:\WINDOWS\system32\vycdd.ini C:\WINDOWS\system32\vycdd.ini2 . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))))))) . 2008-06-29 09:38 . 2008-06-29 10:04 134,290,536 --a------ C:\Program Files\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe 2008-06-26 12:51 . 2008-06-26 16:09 51,755 --a------ C:\lucmp3.nr3 2008-06-22 10:38 . 2008-06-22 10:38 36,544 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-06-22 10:25 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-22 10:25 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-20 07:19 . 2008-06-22 10:25 d-------- C:\Program Files\Picasa2 2008-06-20 07:17 . 2008-06-20 07:18 4,909,136 --a------ C:\Program Files\picasa2Setup.exe 2008-06-15 16:41 . 2008-06-15 16:42 d-------- C:\Documents and Settings\enfants\Application Data\OpenOffice.org2 2008-06-13 07:09 . 2008-06-13 07:09 d-------- C:\WINDOWS\system32\bits 2008-06-13 07:05 . 2007-03-29 08:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll 2008-06-13 07:05 . 2007-03-29 08:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll 2008-06-10 23:54 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 23:54 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-04 07:32 . 2008-06-04 07:32 1,534,464 --a------ C:\Program Files\siw.exe 2008-06-03 19:03 . 2008-06-03 19:03 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech 2008-06-01 14:17 . 2008-06-01 14:17 1,491,365 --a------ C:\Program Files\wlm.exe 2008-06-01 13:45 . 2008-06-01 13:45 d-------- C:\Documents and Settings\enfants\Application Data\GlarySoft . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 14:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\OpenOffice.org2 2008-06-29 14:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files 2008-06-29 13:34 --------- d-----w C:\Program Files\Windows Defender 2008-06-29 12:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-06-29 12:10 --------- d-----w C:\Program Files\Java 2008-06-27 04:04 --------- d-----r C:\Program Files\EClea2_0 2008-06-27 03:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\LimeWire 2008-06-27 03:59 --------- d-----w C:\Documents and Settings\enfants\Application Data\LimeWire 2008-06-26 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-24 10:56 --------- d-----w C:\Program Files\MesPolices10 2008-06-15 21:51 --------- d-----w C:\Documents and Settings\enfants\Application Data\Arcsoft 2008-06-15 06:51 --------- d-----w C:\Program Files\Circle Developement 2008-06-15 06:51 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\programidle 2008-06-15 06:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Frag great bend logo 2008-06-14 23:40 2,402,832 ----a-w C:\Program Files\WLinstaller.exe 2008-06-14 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-06-04 14:06 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ESTsoft 2008-06-03 23:04 --------- d-----w C:\Program Files\Fichiers communs\Logishrd 2008-06-03 23:03 --------- d-----w C:\Program Files\Logitech 2008-06-03 23:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd 2008-06-01 00:18 --------- d-----w C:\Program Files\LimeWire 2008-05-28 11:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-28 11:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-05-28 11:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-27 14:47 --------- d-----w C:\Program Files\ESTsoft 2008-05-27 14:41 19,153,264 ----a-w C:\Program Files\Lavasoft_Adaware_multi.exe 2008-05-24 01:22 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Apple Computer 2008-05-22 13:32 2,869,264 ----a-w C:\Program Files\dotNetFx35setup.exe 2008-05-21 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-05-21 12:12 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Malwarebytes 2008-05-21 12:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-19 16:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\DisplayTune 2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Logitech 2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Grisoft 2008-05-14 22:44 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ArcSoft 2008-05-13 13:24 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Logitech 2008-05-12 20:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-05-12 20:16 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-05-12 20:16 --------- d-----r C:\Program Files\Creative 2008-05-12 19:34 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\GlarySoft 2008-05-09 21:09 --------- d-----w C:\Program Files\ANI 2008-05-09 21:08 --------- d-----w C:\Program Files\D-Link 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers mcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-05 11:15 --------- d-----r C:\Program Files\Panasonic 2008-05-05 11:07 --------- d-----r C:\Program Files\Alwil Software 2008-05-05 04:47 --------- d-----w C:\Documents and Settings\Marie\Application Data\Bell 2008-05-03 00:38 --------- d-----w C:\Documents and Settings\enfants\Application Data\Bell 2008-04-29 19:54 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-29 13:20 27,100,264 -c--a-w C:\Program Files\PowerPointViewer.exe 2008-04-28 15:53 --------- d-----w C:\Program Files\Incomplete 2008-04-28 15:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Calendrier Xtra 2008-04-28 15:53 --------- d-----w C:\Documents and Settings\enfants\Application Data\Chessmaster Challenge 2008-04-28 13:43 --------- d-----w C:\Program Files\Windows Installer Clean Up 2008-04-28 13:43 --------- d-----w C:\Program Files\MSECache 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-20 20:30 1,338,384 -c--a-w C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe 2008-04-20 19:51 2,517 -c--a-w C:\Program Files\INSTALL.LOG 2008-04-08 06:52 119,479,710 -c--a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_fr.exe 2008-04-08 06:27 1,664,591 -c--a-w C:\Program Files\pf-setup.exe 2008-04-05 16:33 9,309,624 -c--a-w C:\Program Files\Shockwave_Installer_Full.exe 2008-04-04 14:15 46,391,264 -c--a-w C:\Program Files\8-3_xp32_dd_ccc_wdm_enu_59746.exe 2008-04-03 23:50 57,144,896 -c--a-w C:\Program Files\setpoint440.exe 2008-04-02 17:45 2,751,368 -c--a-w C:\Program Files\ccsetup206.exe 2008-03-23 01:01 9,722,720 -c--a-w C:\Program Files\spybotsd152.exe 2008-03-21 14:38 8,161,400 -c--a-w C:\Program Files\Windows-KB890830-V1.39.exe 2008-03-09 14:21 407,680 -c--a-w C:\Program Files\aswclnr.exe 2008-02-25 15:15 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe 2008-02-25 15:11 881,192 -c--a-w C:\Program Files\WGAPluginInstall.exe 2008-02-24 01:22 1,491,592 -c--a-w C:\Program Files\install_flash_player.exe 2008-02-17 17:42 1,729 -c--a-w C:\Program Files\Adobe Reader 8.lnk 2008-02-12 16:50 95 -csh--w C:\Program Files\desktop.ini 2008-02-12 16:50 15,086 -csh--w C:\Program Files\ShedkoFolderico3_0627.ico 2007-12-09 00:04 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe 2002-06-04 09:06 65,536 -c--a-w C:\WINDOWS\inf\copyinf.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3934F86C-2D84-4EAF-9065-65322C1AFE25}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58FF5B3A-2CF6-4B72-919A-AE590AA7890D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f23bc38f-8d17-4211-9e42-0412ed74a192}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] C:\Documents and Settings\guillaine.HOME-6620B39EBF\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ddcbxww] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\qomliii] qomliii.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service] --a------ 2008-05-28 11:05 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] --a--c--- 2007-11-13 15:24 72192 C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a--c--- 2001-09-04 04:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a--c--- 2004-02-24 22:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp] --a--c--- 2007-11-19 10:33 1468928 C:\Program Files\BellCanada\McciTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-05 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320] --a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a--c--- 2004-08-05 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-05-11 08:43 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a--c--- 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a--c--- 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] --a--c--- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "WinDefend"=2 (0x2) "usnjsvc"=3 (0x3) "SPTISRV"=3 (0x3) "SoundMAX Agent Service (default)"=2 (0x2) "PACSPTISVR"=3 (0x3) "MSCSPTISRV"=3 (0x3) "McciCMService"=2 (0x2) "LVSrvLauncher"=2 (0x2) "LVPrcSrv"=2 (0x2) "LVCOMSer"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "DTSRVC"=2 (0x2) "CTDevice_Srv"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "aswUpdSv"=2 (0x2) "Apple Mobile Device"=2 (0x2) "ANIWZCSdService"=2 (0x2) "ACDaemon"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-disabled] "D-Link Wireless G WDA-1320"=C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\iTunes\iTunes.exe"= S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 15:00] S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 05:50] S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [] S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51] S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51] S4 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-11-14 13:04] S4 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-11-01 11:59] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-29 14:16:50 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Temps d'accomplissement: 2008-06-29 14:19:36 ComboFix-quarantined-files.txt 2008-06-29 18:18:33 Pre-Run: 62,989,586,432 octets libres Post-Run: 62,975,143,936 octets libres 272 --- E O F --- 2008-06-26 11:25:56 ComboFix 08-06-20.4 - guillaine 2008-06-29 14:15:07.3 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.232 [GMT -4:00] Endroit: C:\Documents and Settings\guillaine.HOME-6620B39EBF\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\BM335ac9bc.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\acbeg.ini C:\WINDOWS\system32\acbeg.ini2 C:\WINDOWS\system32 qtss.ini C:\WINDOWS\system32 qtss.ini2 C:\WINDOWS\system32\stvwa.ini C:\WINDOWS\system32\stvwa.ini2 C:\WINDOWS\system32 tutv.ini C:\WINDOWS\system32 tutv.ini2 C:\WINDOWS\system32\vycdd.ini C:\WINDOWS\system32\vycdd.ini2 . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))))))) . 2008-06-29 09:38 . 2008-06-29 10:04 134,290,536 --a------ C:\Program Files\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe 2008-06-26 12:51 . 2008-06-26 16:09 51,755 --a------ C:\lucmp3.nr3 2008-06-22 10:38 . 2008-06-22 10:38 36,544 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-06-22 10:25 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-22 10:25 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-20 07:19 . 2008-06-22 10:25 d-------- C:\Program Files\Picasa2 2008-06-20 07:17 . 2008-06-20 07:18 4,909,136 --a------ C:\Program Files\picasa2Setup.exe 2008-06-15 16:41 . 2008-06-15 16:42 d-------- C:\Documents and Settings\enfants\Application Data\OpenOffice.org2 2008-06-13 07:09 . 2008-06-13 07:09 d-------- C:\WINDOWS\system32\bits 2008-06-13 07:05 . 2007-03-29 08:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll 2008-06-13 07:05 . 2007-03-29 08:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll 2008-06-10 23:54 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 23:54 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-04 07:32 . 2008-06-04 07:32 1,534,464 --a------ C:\Program Files\siw.exe 2008-06-03 19:03 . 2008-06-03 19:03 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech 2008-06-01 14:17 . 2008-06-01 14:17 1,491,365 --a------ C:\Program Files\wlm.exe 2008-06-01 13:45 . 2008-06-01 13:45 d-------- C:\Documents and Settings\enfants\Application Data\GlarySoft . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 14:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\OpenOffice.org2 2008-06-29 14:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files 2008-06-29 13:34 --------- d-----w C:\Program Files\Windows Defender 2008-06-29 12:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-06-29 12:10 --------- d-----w C:\Program Files\Java 2008-06-27 04:04 --------- d-----r C:\Program Files\EClea2_0 2008-06-27 03:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\LimeWire 2008-06-27 03:59 --------- d-----w C:\Documents and Settings\enfants\Application Data\LimeWire 2008-06-26 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-24 10:56 --------- d-----w C:\Program Files\MesPolices10 2008-06-15 21:51 --------- d-----w C:\Documents and Settings\enfants\Application Data\Arcsoft 2008-06-15 06:51 --------- d-----w C:\Program Files\Circle Developement 2008-06-15 06:51 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\programidle 2008-06-15 06:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Frag great bend logo 2008-06-14 23:40 2,402,832 ----a-w C:\Program Files\WLinstaller.exe 2008-06-14 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-06-04 14:06 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ESTsoft 2008-06-03 23:04 --------- d-----w C:\Program Files\Fichiers communs\Logishrd 2008-06-03 23:03 --------- d-----w C:\Program Files\Logitech 2008-06-03 23:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd 2008-06-01 00:18 --------- d-----w C:\Program Files\LimeWire 2008-05-28 11:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-28 11:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-05-28 11:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-27 14:47 --------- d-----w C:\Program Files\ESTsoft 2008-05-27 14:41 19,153,264 ----a-w C:\Program Files\Lavasoft_Adaware_multi.exe 2008-05-24 01:22 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Apple Computer 2008-05-22 13:32 2,869,264 ----a-w C:\Program Files\dotNetFx35setup.exe 2008-05-21 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-05-21 12:12 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Malwarebytes 2008-05-21 12:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-19 16:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\DisplayTune 2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Logitech 2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Grisoft 2008-05-14 22:44 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ArcSoft 2008-05-13 13:24 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Logitech 2008-05-12 20:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-05-12 20:16 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-05-12 20:16 --------- d-----r C:\Program Files\Creative 2008-05-12 19:34 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\GlarySoft 2008-05-09 21:09 --------- d-----w C:\Program Files\ANI 2008-05-09 21:08 --------- d-----w C:\Program Files\D-Link 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers mcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-05 11:15 --------- d-----r C:\Program Files\Panasonic 2008-05-05 11:07 --------- d-----r C:\Program Files\Alwil Software 2008-05-05 04:47 --------- d-----w C:\Documents and Settings\Marie\Application Data\Bell 2008-05-03 00:38 --------- d-----w C:\Documents and Settings\enfants\Application Data\Bell 2008-04-29 19:54 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-29 13:20 27,100,264 -c--a-w C:\Program Files\PowerPointViewer.exe 2008-04-28 15:53 --------- d-----w C:\Program Files\Incomplete 2008-04-28 15:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Calendrier Xtra 2008-04-28 15:53 --------- d-----w C:\Documents and Settings\enfants\Application Data\Chessmaster Challenge 2008-04-28 13:43 --------- d-----w C:\Program Files\Windows Installer Clean Up 2008-04-28 13:43 --------- d-----w C:\Program Files\MSECache 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-20 20:30 1,338,384 -c--a-w C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe 2008-04-20 19:51 2,517 -c--a-w C:\Program Files\INSTALL.LOG 2008-04-08 06:52 119,479,710 -c--a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_fr.exe 2008-04-08 06:27 1,664,591 -c--a-w C:\Program Files\pf-setup.exe 2008-04-05 16:33 9,309,624 -c--a-w C:\Program Files\Shockwave_Installer_Full.exe 2008-04-04 14:15 46,391,264 -c--a-w C:\Program Files\8-3_xp32_dd_ccc_wdm_enu_59746.exe 2008-04-03 23:50 57,144,896 -c--a-w C:\Program Files\setpoint440.exe 2008-04-02 17:45 2,751,368 -c--a-w C:\Program Files\ccsetup206.exe 2008-03-23 01:01 9,722,720 -c--a-w C:\Program Files\spybotsd152.exe 2008-03-21 14:38 8,161,400 -c--a-w C:\Program Files\Windows-KB890830-V1.39.exe 2008-03-09 14:21 407,680 -c--a-w C:\Program Files\aswclnr.exe 2008-02-25 15:15 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe 2008-02-25 15:11 881,192 -c--a-w C:\Program Files\WGAPluginInstall.exe 2008-02-24 01:22 1,491,592 -c--a-w C:\Program Files\install_flash_player.exe 2008-02-17 17:42 1,729 -c--a-w C:\Program Files\Adobe Reader 8.lnk 2008-02-12 16:50 95 -csh--w C:\Program Files\desktop.ini 2008-02-12 16:50 15,086 -csh--w C:\Program Files\ShedkoFolderico3_0627.ico 2007-12-09 00:04 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe 2002-06-04 09:06 65,536 -c--a-w C:\WINDOWS\inf\copyinf.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3934F86C-2D84-4EAF-9065-65322C1AFE25}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58FF5B3A-2CF6-4B72-919A-AE590AA7890D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f23bc38f-8d17-4211-9e42-0412ed74a192}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] C:\Documents and Settings\guillaine.HOME-6620B39EBF\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ddcbxww] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\qomliii] qomliii.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service] --a------ 2008-05-28 11:05 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] --a--c--- 2007-11-13 15:24 72192 C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a--c--- 2001-09-04 04:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a--c--- 2004-02-24 22:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp] --a--c--- 2007-11-19 10:33 1468928 C:\Program Files\BellCanada\McciTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-05 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320] --a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a--c--- 2004-08-05 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-05-11 08:43 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a--c--- 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a--c--- 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] --a--c--- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "WinDefend"=2 (0x2) "usnjsvc"=3 (0x3) "SPTISRV"=3 (0x3) "SoundMAX Agent Service (default)"=2 (0x2) "PACSPTISVR"=3 (0x3) "MSCSPTISRV"=3 (0x3) "McciCMService"=2 (0x2) "LVSrvLauncher"=2 (0x2) "LVPrcSrv"=2 (0x2) "LVCOMSer"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "DTSRVC"=2 (0x2) "CTDevice_Srv"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "aswUpdSv"=2 (0x2) "Apple Mobile Device"=2 (0x2) "ANIWZCSdService"=2 (0x2) "ACDaemon"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-disabled] "D-Link Wireless G WDA-1320"=C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\iTunes\iTunes.exe"= S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 15:00] S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 05:50] S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [] S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51] S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51] S4 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-11-14 13:04] S4 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-11-01 11:59] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-29 14:16:50 Windows 5.1.2600 Service Pack 2 NTFS

Utilisateur anonyme · Answer

Bonsoir, bonsoir,.....


Alors...

Il y a pas mal de fichier suspects... mais sans véritables importances je pense....
Ton rapport COmbo (pas besoin d'en coller 3) est compliqué à lire...).

Je voulais te demander de faire des scans en lignes de fichiers douteux... mais bon.....J'ai fermé la fenêtre internet avec ce que je te préparais.... C'est parti à la trappe.... sauf ce dont je suis quasi sur.....


Alors,
> Télécharge Lopxp (by Moe) : http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe
- Double clic sur Lopxpsetup.exe pour lancer l'installation
- Choisis l'option 1
- Patiente jusqu'à ce qu'on te demande d'appuyer sur une touche.
- Un rapport sera alors crée, copie/colle le sur le forum.


Ensuite,
> Télécharge, puis installe MSNFix (de !aur3n7) : http://sosvirus.changelog.fr/MSNFix.zip , tuto de Malekal : https://www.malekal.com/supprimer-virus-desinfecter-pc/ (si tu as besion).
- Décompresse donc le dossier zip MSNFix et lance le fichier "MSNFix.bat". Une fenêtre bleue doit apparaitre.
- Mets l'interface en français en appuyant sur la touche F puis sur Entrée.
- Lance la recherche de virus en appuyant sur la touche R puis sur Entrée.
Si un virus est détecté, il te sera alors demandé de nettoyer l'ordinateur.
Un message d'erreur concernant la suppression impossible d'un fichier sera résolu par un redémarrage.
Après le nettoyage, la barre "Démarrer" s'efface puis réapparait, cela fait partie de la procédure de nettoyage.
- Poste le rapport qui s'ouvre en fin de nettoyage sur le forum

Si ta barre "Démarrer" ne s'affiche toujours pas, il suffit de faire :
Ctrl + Alt + Suppr (sous Windows XP), ou Ctrl + Maj + Echap (sous Windows Vista) pour ouvrir le Gestionnaire de tâches Windows.
- Fais ensuite "Fichier", puis "Nouvelle tâche" et entre explorer.exe dans la fenêtre qui apparait et finis par "OK".

- redémarre ton ordinateur pour achever le nettoyage !


Dis moi ou en sont tes soucis aussi .


Bon courage,


A+

ticlaine · Answer

Re-bonjour à toi cher DllD..... je sais il y a longtemps  que tu avais si gentiment commencé à désinfecter mon pc, mais n'étant pas trop habituée aux forums, j'avait ouvert mon sujet aussi sur zébulon....on m'avait alors demandé de travailler avec UNE SEULE personne , ce que "maintenant" je comprends très bien ! :)   je tiens alors à m'excuser très sincèrement de ne pas t'en avoir avisé.... 

encore merci à toi et on ne pourrait se passer de gens comme vous !

à bientôt ;)

guillou

Utilisateur anonyme · Answer

Hello Guillou .

C'est avant tout sympa de me prévenir. Oui, il faut éviter les doublons. 
S'ils t'ont dit cela sur Zeb c'est qu'ils ont bien raison.

Prends soin de ton PC.
Merci d'être passé.

A+

Le sioux · Answer

Hello DllD, ticlaine

Salut DllD, pour info, la suite se passe ici  https://forum.zebulon.fr/topic/152750-r%C3%A9solubesoin-dune-analyse-hijackthisinfection/

Cordialement, Le sioux.

Infection à l'horizon :(

7 réponses

Discussions similaires