Win32

Résolu
bnji17 Messages postés 101 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Je viens de revenir de vacances et je viens de remarquer que mon pc plus précisément avast a détecté win32 et bien qu'ayant supprimé certains fichiers infectés je n'arrive pas a le faire partir de mon ordinateur
J'ai regardé un peu le forum et je ne peux pas utiliser les méthodes recommandés puisque mon navigateur bug constament ( je n'arrives pas à accéder aux pages web) , je n'arrive plus à me rendre sur mon poste de travail donc je ne peux pas installer les logiciels recquis pour me débarasser de ce ver
J'écris ce message depuis un autre pc que j'ai en réseau qui fonctionne sans aucuns problêmes mais j'aimerais savoir s'il y a une autre solution que de réinstaller xp entièrement
Merci d'avance
Configuration: Windows XP
Internet Explorer 6.0

17 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    tu vas utiliser une clé usb pour transférer d'un PC à L'autre

    Télécharge sur le Bureau HijackThis

    http://download.hijackthis.eu/HJTInstall.exe

    = Double-clique sur dessus pour l'installer
    = Clique sur Do a system scan and save the log
    = Colle le rapport
    si problème voir l'aide
    http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    @+
    0
  2. bnji17 Messages postés 101 Statut Membre
     
    voila j'ai finalement réussi à faire le rapport et voila le résultat
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55:45, on 23/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D7795574412C36CE - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
    O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
    O18 - Protocol: bw+0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Microsoft File Mapping Service (mshlpkd) - Unknown owner - C:\WINDOWS\system32\mshlp.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
    0
  3. bnji17 Messages postés 101 Statut Membre
     
    je up le sujet j'attend vos conseils merci :)
    0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok

    Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Double-clique sur ToolBar-SD afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
    * Double-clique dessus pour démarrer l'outil; choisis la langue.
    * Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
    * Tape 2 puis sur la touche [Entrée] afin de lancer lasuppression.
    * Patiente jusqu'à la fin de la recherche.
    * À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
    * Poste ce rapport, par copier/coller, dans ta prochaine réponse.
    * Le rapport se trouve également sous : C:\TB.txt

    ** Aide en images
    https://sites.google.com/site/toolbarsd/aideenimages

    ensuite
    Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Déconnecte toi d'internet et ferme toutes tes applications.
    * Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
    * Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
    * /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
    * Attends que Combofix ait terminé, un rapport sera créé.
    * réactive ton parefeu, ton antivirus, la garde de ton antispyware
    * copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
    * Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. bnji17 Messages postés 101 Statut Membre
     
    ok merci je m'y met et je donne le résultat rapidement
    0
  7. bnji17 Messages postés 101 Statut Membre
     
    rapport toolbar
    ComboFix 08-08-21.02 - Administrateur 2008-08-23 21:41:33.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.356 [GMT 2:00]
    Endroit: F:\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Gijon\Cookies\gijon@adopt.hotbar[1].txt
    C:\Documents and Settings\Gijon\Cookies\gijon@diffusion[2].txt
    C:\Documents and Settings\Gijon\Cookies\gijon@edt02[1].txt
    C:\Documents and Settings\Gijon\Cookies\gijon@serving-sys[2].txt
    C:\Documents and Settings\Gijon\Cookies\gijon@trafiz[2].txt
    C:\Documents and Settings\Gijon\Cookies\gijon@www.pixmania[2].txt
    C:\Documents and Settings\Gijon\Cookies\MM2048.DAT
    C:\Documents and Settings\Gijon\Cookies\MM256.DAT
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\comsa32.sys
    C:\WINDOWS\system32\Nobicyt.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\tmp0_84189577062.bk
    C:\WINDOWS\system32\WServing.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFINDING
    -------\Legacy_PERFMONS
    -------\Legacy_ROUTING
    -------\Legacy_WSERVING
    -------\Service_AFinding
    -------\Service_perfmons
    -------\Service_Routing
    -------\Service_WServing
    -------\Legacy_NOBICYT
    -------\Service_NOBICYT

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-23 20:55 . 2008-08-23 20:55 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-23 20:54 . 2004-12-01 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-08-23 20:54 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-08-23 20:54 . 2004-12-01 16:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-23 20:54 . 2008-08-23 21:37 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-23 20:54 . 2004-12-01 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-08-23 20:54 . 2004-12-01 16:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-08-23 20:54 . 2008-08-23 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-23 20:07 . 2008-08-23 20:07 <REP> d-------- C:\Program Files\Pack Securite
    2008-08-23 20:07 . 2008-08-23 20:07 118,842 --a------ C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    2008-08-23 20:07 . 2008-08-23 20:07 31 --a------ C:\WINDOWS\warhead.ini
    2008-08-23 17:21 . 2008-08-23 17:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-07-25 13:22 . 2008-07-25 13:22 665 --a------ C:\Documents and Settings\Gijon\Application Data\waver_2.95.dat
    2008-07-25 13:19 . 2008-07-25 13:19 <REP> d-------- C:\Program Files\Flop
    2008-07-25 13:19 . 2008-07-25 13:19 4 --a------ C:\WINDOWS\system32\qwolt.pdg
    2008-07-25 11:35 . 2008-07-28 12:10 60,928 --a------ C:\WINDOWS\system32\msdcb.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-23 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-23 18:48 --------- d-----w C:\Documents and Settings\Gijon\Application Data\DNA
    2008-08-23 17:08 --------- d-----w C:\Program Files\eMule
    2008-08-23 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-24 22:02 --------- d-----w C:\Program Files\Cool MP3 Converter
    2008-07-18 15:24 --------- d-----w C:\Program Files\Microsoft FrontPage Express
    2008-07-17 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-17 17:44 --------- d-----w C:\Program Files\Gpotato.eu
    2008-07-17 09:36 --------- d-----w C:\Documents and Settings\Gijon\Application Data\BitTorrent
    2008-07-17 09:35 --------- d-----w C:\Program Files\CamStudio
    2008-07-10 22:13 --------- d-----w C:\Documents and Settings\Gijon\Application Data\vlc
    2008-07-10 22:12 --------- d-----w C:\Program Files\VideoLAN
    2008-07-08 20:11 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Skype
    2008-07-07 18:02 --------- d-----w C:\Program Files\Replay Converter
    2008-07-07 18:02 --------- d-----w C:\Documents and Settings\Gijon\Application Data\GetRightToGo
    2008-07-05 09:30 --------- d-----w C:\Program Files\Replay Media Catcher
    2008-07-05 09:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-07-03 13:56 --------- d-----w C:\Documents and Settings\Gijon\Application Data\gtk-2.0
    2008-07-01 11:08 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-01 08:42 --------- d-----w C:\Program Files\Windows Live
    2008-07-01 08:42 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-01 08:42 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-28 17:16 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Samsung
    2008-06-28 17:02 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-06-28 16:51 --------- d-----w C:\Program Files\Samsung
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-05 16:38 65,536 ----a-w C:\WINDOWS\IFinst27.exe
    2007-09-20 16:16 5,632 --sha-w C:\Program Files\Thumbs.db
    2007-04-13 12:32 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-09-08 12:13 66,179,586 ----a-w C:\Program Files\partie online.fm
    2005-04-04 15:11 760,173,456 ----a-w C:\Program Files\rld-sw4a.bin
    2005-04-04 15:11 74 ----a-w C:\Program Files\rld-sw4a.cue
    2005-03-17 15:45 56 --sh--r C:\WINDOWS\system32\9383173AC3.sys
    2006-04-06 07:22 7,362 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-05 00:23 289088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-01 16:21 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP53"= SP5X_32.DLL
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.SP59"= SP5X_32.DLL
    "vidc.mxmc"= MimicICM.DLL
    "VIDC.FMVC"= fmcodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HdReg]
    --a------ 2004-08-09 19:45 24576 C:\APPS\HDReg\HDRegApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2006-11-04 15:48 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    --a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    --a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    --a------ 2002-09-09 18:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2004-10-08 04:14 81920 c:\APPS\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-12-01 16:21 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    --a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10093:UDP"= 10093:UDP:port fm 1
    "10094:TCP"= 10094:TCP:port fm 2
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S2 mshlpkd;Microsoft File Mapping Service;C:\WINDOWS\system32\mshlp.exe [2004-08-05 15:00]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
    S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
    S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b64e937-5913-11da-9e9f-00ff00300101}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
    ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
    HKLM-Run-VVSN - C:\Program Files\VVSN\VVSN.exe
    MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
    MSConfigStartUp-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    MSConfigStartUp-HbTools - C:\Program Files\HbTools\Bin\4.7.2.1\HbtOEAddOn.exe
    MSConfigStartUp-MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    MSConfigStartUp-Microsoft Works Portfolio - C:\Program Files\Microsoft Works\WksSb.exe
    MSConfigStartUp-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
    MSConfigStartUp-Shareaza - C:\Program Files\Shareaza\Shareaza.exe
    MSConfigStartUp-Steam - C:\Valve\Steam\Steam.exe
    MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    MSConfigStartUp-URLLSTCK - C:\Program Files\Norton Internet Security\UrlLstCk.exe
    MSConfigStartUp-WeatherOnTray - C:\Program Files\HbTools\Bin\4.7.2.1\HbtWeatherOnTray.exe

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Gijon\Application Data\Mozilla\Firefox\Profiles\y5pm6d3x.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.orange.fr
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-23 21:51:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-23 22:08:16 - machine was rebooted [Gijon]
    ComboFix-quarantined-files.txt 2008-08-23 20:08:11

    Pre-Run: 5,618,757,632 octets libres
    Post-Run: 9,770,483,712 octets libres

    270 --- E O F --- 2008-07-10 06:40:36

    rapport combofix

    ComboFix 08-08-21.02 - Gijon 2008-08-23 22:18:40.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.260 [GMT 2:00]
    Endroit: C:\Documents and Settings\Gijon\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-23 20:55 . 2008-08-23 20:55 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-23 20:54 . 2004-12-01 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-23 20:54 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-23 20:54 . 2004-12-01 16:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-23 20:54 . 2008-08-23 21:37 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-23 20:54 . 2004-12-01 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-08-23 20:54 . 2004-12-01 16:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-08-23 20:54 . 2008-08-23 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-23 20:07 . 2008-08-23 20:07 <REP> d-------- C:\Program Files\Pack Securite
    2008-08-23 20:07 . 2008-08-23 20:07 118,842 --a------ C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    2008-08-23 20:07 . 2008-08-23 20:07 31 --a------ C:\WINDOWS\warhead.ini
    2008-08-23 17:21 . 2008-08-23 17:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-07-25 13:22 . 2008-07-25 13:22 665 --a------ C:\Documents and Settings\Gijon\Application Data\waver_2.95.dat
    2008-07-25 13:19 . 2008-07-25 13:19 <REP> d-------- C:\Program Files\Flop
    2008-07-25 13:19 . 2008-07-25 13:19 4 --a------ C:\WINDOWS\system32\qwolt.pdg
    2008-07-25 11:35 . 2008-07-28 12:10 60,928 --a------ C:\WINDOWS\system32\msdcb.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-23 20:05 --------- d-----w C:\Documents and Settings\Gijon\Application Data\DNA
    2008-08-23 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-23 17:08 --------- d-----w C:\Program Files\eMule
    2008-08-23 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-24 22:02 --------- d-----w C:\Program Files\Cool MP3 Converter
    2008-07-18 15:24 --------- d-----w C:\Program Files\Microsoft FrontPage Express
    2008-07-17 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-17 17:44 --------- d-----w C:\Program Files\Gpotato.eu
    2008-07-17 09:36 --------- d-----w C:\Documents and Settings\Gijon\Application Data\BitTorrent
    2008-07-17 09:35 --------- d-----w C:\Program Files\CamStudio
    2008-07-10 22:13 --------- d-----w C:\Documents and Settings\Gijon\Application Data\vlc
    2008-07-10 22:12 --------- d-----w C:\Program Files\VideoLAN
    2008-07-08 20:11 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Skype
    2008-07-07 18:02 --------- d-----w C:\Program Files\Replay Converter
    2008-07-07 18:02 --------- d-----w C:\Documents and Settings\Gijon\Application Data\GetRightToGo
    2008-07-05 09:30 --------- d-----w C:\Program Files\Replay Media Catcher
    2008-07-05 09:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-07-03 13:56 --------- d-----w C:\Documents and Settings\Gijon\Application Data\gtk-2.0
    2008-07-01 11:08 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-01 08:42 --------- d-----w C:\Program Files\Windows Live
    2008-07-01 08:42 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-01 08:42 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-28 17:16 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Samsung
    2008-06-28 17:02 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-06-28 16:51 --------- d-----w C:\Program Files\Samsung
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-05 16:38 65,536 ----a-w C:\WINDOWS\IFinst27.exe
    2007-09-20 16:16 5,632 --sha-w C:\Program Files\Thumbs.db
    2007-04-13 12:32 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-09-08 12:13 66,179,586 ----a-w C:\Program Files\partie online.fm
    2005-04-04 15:11 760,173,456 ----a-w C:\Program Files\rld-sw4a.bin
    2005-04-04 15:11 74 ----a-w C:\Program Files\rld-sw4a.cue
    2005-03-17 15:45 56 --sh--r C:\WINDOWS\system32\9383173AC3.sys
    2006-04-06 07:22 7,362 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-23_22.07.45,68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-28 10:10:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-23 20:02:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-23 20:15:41 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
    @="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
    [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
    %SystemRoot%\system32\VirtualExpander\VEShellExt.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-05 00:23 289088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-01 16:21 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    C:\Documents and Settings\Gijon\Menu D‚marrer\Programmes\D‚marrage\
    VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2007-08-30 00:27:41 434176]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP53"= SP5X_32.DLL
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.SP59"= SP5X_32.DLL
    "vidc.mxmc"= MimicICM.DLL
    "VIDC.FMVC"= fmcodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HdReg]
    --a------ 2004-08-09 19:45 24576 C:\APPS\HDReg\HDRegApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2006-11-04 15:48 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    --a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    --a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    --a------ 2002-09-09 18:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2004-10-08 04:14 81920 c:\APPS\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-12-01 16:21 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    --a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10093:UDP"= 10093:UDP:port fm 1
    "10094:TCP"= 10094:TCP:port fm 2
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
    S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
    S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b64e937-5913-11da-9e9f-00ff00300101}]
    \Shell\AutoRun\command - E:\autorun.exe

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Gijon\Application Data\Mozilla\Firefox\Profiles\y5pm6d3x.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.orange.fr
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-23 22:23:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
    .
    Temps d'accomplissement: 2008-08-23 22:25:47
    ComboFix-quarantined-files.txt 2008-08-23 20:25:33
    ComboFix2.txt 2008-08-23 20:08:18

    Pre-Run: 9,763,172,352 octets libres
    Post-Run: 9,748,832,256 octets libres

    232 --- E O F --- 2008-07-10 06:40:36
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    selectionne ceci

    File::
    C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    C:\WINDOWS\system32\msdcb.exe
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\IFinst27.exe
    C:\WINDOWS\system32\9383173AC3.sys


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

    @+
    0
  9. bnji17 Messages postés 101 Statut Membre
     
    ComboFix 08-08-21.02 - Gijon 2008-08-23 23:05:08.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.222 [GMT 2:00]
    Endroit: C:\Documents and Settings\Gijon\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Gijon\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    C:\WINDOWS\IFinst27.exe
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\9383173AC3.sys
    C:\WINDOWS\system32\msdcb.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    C:\WINDOWS\IFinst27.exe
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\9383173AC3.sys
    C:\WINDOWS\system32\msdcb.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-23 20:55 . 2008-08-23 20:55 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-23 20:54 . 2004-12-01 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-23 20:54 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-23 20:54 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-23 20:54 . 2004-12-01 16:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-23 20:54 . 2008-08-23 21:37 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-23 20:54 . 2004-12-01 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-08-23 20:54 . 2004-12-01 16:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-08-23 20:54 . 2008-08-23 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-23 20:07 . 2008-08-23 20:07 <REP> d-------- C:\Program Files\Pack Securite
    2008-08-23 20:07 . 2008-08-23 20:07 31 --a------ C:\WINDOWS\warhead.ini
    2008-08-23 17:21 . 2008-08-23 17:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-07-25 13:22 . 2008-07-25 13:22 665 --a------ C:\Documents and Settings\Gijon\Application Data\waver_2.95.dat
    2008-07-25 13:19 . 2008-07-25 13:19 <REP> d-------- C:\Program Files\Flop
    2008-07-25 13:19 . 2008-07-25 13:19 4 --a------ C:\WINDOWS\system32\qwolt.pdg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-23 21:06 --------- d-----w C:\Documents and Settings\Gijon\Application Data\DNA
    2008-08-23 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-23 17:08 --------- d-----w C:\Program Files\eMule
    2008-08-23 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-24 22:02 --------- d-----w C:\Program Files\Cool MP3 Converter
    2008-07-18 15:24 --------- d-----w C:\Program Files\Microsoft FrontPage Express
    2008-07-17 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-17 17:44 --------- d-----w C:\Program Files\Gpotato.eu
    2008-07-17 09:36 --------- d-----w C:\Documents and Settings\Gijon\Application Data\BitTorrent
    2008-07-17 09:35 --------- d-----w C:\Program Files\CamStudio
    2008-07-10 22:13 --------- d-----w C:\Documents and Settings\Gijon\Application Data\vlc
    2008-07-10 22:12 --------- d-----w C:\Program Files\VideoLAN
    2008-07-08 20:11 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Skype
    2008-07-07 18:02 --------- d-----w C:\Program Files\Replay Converter
    2008-07-07 18:02 --------- d-----w C:\Documents and Settings\Gijon\Application Data\GetRightToGo
    2008-07-05 09:30 --------- d-----w C:\Program Files\Replay Media Catcher
    2008-07-03 13:56 --------- d-----w C:\Documents and Settings\Gijon\Application Data\gtk-2.0
    2008-07-01 11:08 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-01 08:42 --------- d-----w C:\Program Files\Windows Live
    2008-07-01 08:42 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-01 08:42 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-28 17:16 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Samsung
    2008-06-28 17:02 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-06-28 16:51 --------- d-----w C:\Program Files\Samsung
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2007-09-20 16:16 5,632 --sha-w C:\Program Files\Thumbs.db
    2007-04-13 12:32 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-09-08 12:13 66,179,586 ----a-w C:\Program Files\partie online.fm
    2005-04-04 15:11 760,173,456 ----a-w C:\Program Files\rld-sw4a.bin
    2005-04-04 15:11 74 ----a-w C:\Program Files\rld-sw4a.cue
    2006-04-06 07:22 7,362 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-23_22.07.45,68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-28 10:10:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-23 20:02:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-23 20:15:41 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
    @="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
    [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
    %SystemRoot%\system32\VirtualExpander\VEShellExt.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-05 00:23 289088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-01 16:21 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    C:\Documents and Settings\Gijon\Menu D‚marrer\Programmes\D‚marrage\
    VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2007-08-30 00:27:41 434176]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP53"= SP5X_32.DLL
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.SP59"= SP5X_32.DLL
    "vidc.mxmc"= MimicICM.DLL
    "VIDC.FMVC"= fmcodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HdReg]
    --a------ 2004-08-09 19:45 24576 C:\APPS\HDReg\HDRegApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2006-11-04 15:48 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    --a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    --a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    --a------ 2002-09-09 18:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2004-10-08 04:14 81920 c:\APPS\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-12-01 16:21 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    --a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10093:UDP"= 10093:UDP:port fm 1
    "10094:TCP"= 10094:TCP:port fm 2
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
    S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b64e937-5913-11da-9e9f-00ff00300101}]
    \Shell\AutoRun\command - E:\autorun.exe

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-23 23:09:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
    .
    Temps d'accomplissement: 2008-08-23 23:13:10
    ComboFix-quarantined-files.txt 2008-08-23 21:12:05
    ComboFix2.txt 2008-08-23 20:25:48
    ComboFix3.txt 2008-08-23 20:08:18

    Pre-Run: 9,698,881,536 octets libres
    Post-Run: 9,685,307,392 octets libres

    235 --- E O F --- 2008-07-10 06:40:36
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    très bien

    Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    --------------------------

    ensuite

    * Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69
    0
  11. bnji17 Messages postés 101 Statut Membre
     
    voici le rapport
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1078
    Windows 5.1.2600 Service Pack 2

    09:09:19 2008-08-24
    mbam-log-08-24-2008 (09-09-19).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 137637
    Temps écoulé: 2 hour(s), 6 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    pour la suite

    fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    ensuite un nouveau rapport hijack stp
    @+
    0
  13. bnji17 Messages postés 101 Statut Membre
     
    j'ai fait le scan avec bitdefender j'ai enregistré le rapport mais lorsque je l'ouvre c'est vide il n'y a rien
    j'ai refais un scan hijack le voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28, on 2008-08-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
    O18 - Protocol: bw+0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    0
  14. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    va dans le panneau de config et désinstalle le programme le Desktop Messeger.

    Ensuite

    Relance HijackThis et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

    Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked"

    redémarre ton PC et dit moi si tu as encore des soucis
    0
  15. bnji17 Messages postés 101 Statut Membre
     
    je viens de redémarrer et apparemment tout fonctionne bien
    Penses tu que je devrais prendreun autre antivirus que Avast?
    En tous cas merci beaucoup de ton aide , vraiment merci pour m'avoir aider à remettre mon pc sur pied ;)
    0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    pour lantivirus oui je pense qu'il y a beaucoup mieux

    regarde ceci
    http://www.swl1f.net/viewtopic.php?f=14&t=59
    0
  17. bnji17 Messages postés 101 Statut Membre
     
    ok j'ai désinstalé avast la et je viens d'installer Avia Antivir il est vrai qu'avec avast j'ai eu quelques soucis donc je vais tester celui la
    Merci encore pour tout !
    0
  18. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    oki ;)

    Si tu n'a plus de soucis

    Tu peux supprimer tous les logiciels que nous avons utilisés
    va dans ajout/suppression de programes et dans programmes files
    pour vérifier

    ensuite fait ceci (IMPORTANT)

    * Désactivation :
    Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

    * Activation :
    Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..

    Pense aussi à faire tes mises à jours régulièrement

    Windows update : ==> ici =>http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    Java : ==> ici => https://www.java.com/fr/download/

    Ces mises à jours sont très importantes pour la sécurité de ton PC.

    N'installe qu'un seul parefeu !!
    et bien sur qu'un antivirus

    N'oublie pas de faire régulièrement les mises à jour de tes logiciels avant chaque scan.

    * Tu peux aussi utiliser ces logiciels de sécurité

    Malwarebytes => C'est un anti-malwares gratuit et en français, tu devras une fois installer le lancer périodiquement pour contrôler ton PC.
    Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=68

    Spyware Terminator => C'est un anti-spyware gratuit et en français, Il travaillera automatiquement grâce à son module résident, tu pourras le programmer pour effectuer un scan journalier.
    Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=66

    * Ensuite quelques conseils
    L'infection de ton pc peut se faire de différente façon, voici en quelques lignes plusieurs points à éviter. ==> ici =>http://www.swl1f.net/viewtopic.php?f=14&t=67

    * le navigateur

    Essaye le navigateur Firefox plus sur/securisé qu IE
    Firefox n'utilise pas le dangereux protocole ActiveX
    * Téléchargement: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
    * Tutorial pour le sécuriser: ==> ici =>https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

    Important
    Surfez avec les droits administrateurs sur le net te rend vulnérable, il faut donc utiliser un autre compte que celui de l'administrateur


    * Pour que ton pc retrouve un peu de jeunesse
    * Pense a lancer une petite défragmentation.
    * Utilise CCleaner régulièrement.
    * Gère tes services grâce a ces 2 liens
    ==> ici => http://speedweb1.free.fr/frames2.php?page=service3 et ==> ici => http://speedweb1.free.fr/frames2.php?page=service4
    * Utilise Zeb Utility
    une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
    Téléchargement : ==> ici ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
    Tuto : ==> ici => https://www.zebulon.fr/dossiers/autres/58-zebutility.html

    Et pour finir

    Dénonce ton infection pour faire condamner les auteurs.

    Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection

    - Voir les règles du forum : ==> ici => https://malwarecomplaints.info/
    - Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
    Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
    Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

    Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

    * malwarecomplaints => https://malwarecomplaints.info/

    Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
    conforme au règle du forum (age, ville, département etc..)

    Indique aussi le nom du Forum qui t'a aidé

    * Tuto => http://www.malekal.com/malwarecomplaints.html

    @+
    0