Win32 Résolu

Question

Bonjour,
Je viens de revenir de vacances et je viens de remarquer que mon pc plus précisément avast a détecté win32 et bien qu'ayant supprimé certains fichiers infectés je n'arrive pas a le faire partir de mon ordinateur 
J'ai regardé un peu le forum et je ne peux pas utiliser les méthodes recommandés puisque mon navigateur bug constament ( je n'arrives pas à accéder aux pages web) , je n'arrive plus à me rendre sur mon poste de travail donc je ne peux pas installer les logiciels recquis pour me débarasser de ce ver
J'écris ce message depuis un autre pc que j'ai en réseau qui fonctionne sans aucuns problêmes mais j'aimerais savoir s'il y a une autre solution que de réinstaller xp entièrement
Merci d'avance

ep44 · Answer

Bonsoir 

tu vas utiliser une clé usb pour transférer d'un PC à L'autre 


Télécharge sur le Bureau HijackThis  

http://download.hijackthis.eu/HJTInstall.exe

= Double-clique sur dessus pour l'installer 
= Clique sur Do a system scan and save the log
= Colle le rapport
si problème voir l'aide
http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

@+

bnji17 · Answer

voila j'ai finalement réussi à faire le rapport et voila le résultat
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:45, on 23/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D7795574412C36CE - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O18 - Protocol: bw+0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Microsoft File Mapping Service (mshlpkd) - Unknown owner - C:\WINDOWS\system32\mshlp.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32outing.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

bnji17 · Answer

je up le sujet j'attend vos conseils merci :)

ep44 · Answer

ok

Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Double-clique sur ToolBar-SD afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
    * Double-clique dessus pour démarrer l'outil; choisis la langue.
    * Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
    * Tape 2 puis sur la touche [Entrée] afin de lancer lasuppression.
    * Patiente jusqu'à la fin de la recherche.
    * À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
    * Poste ce rapport, par copier/coller, dans ta prochaine réponse.
    * Le rapport se trouve également sous : C:\TB.txt

** Aide en images
https://sites.google.com/site/toolbarsd/aideenimages

ensuite 
 Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

bnji17 · Answer

ok merci je m'y met et je donne le résultat rapidement

bnji17 · Answer

rapport toolbar
ComboFix 08-08-21.02 - Administrateur 2008-08-23 21:41:33.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.356 [GMT 2:00]
Endroit: F:\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gijon\Cookies\gijon@adopt.hotbar[1].txt
C:\Documents and Settings\Gijon\Cookies\gijon@diffusion[2].txt
C:\Documents and Settings\Gijon\Cookies\gijon@edt02[1].txt
C:\Documents and Settings\Gijon\Cookies\gijon@serving-sys[2].txt
C:\Documents and Settings\Gijon\Cookies\gijon@trafiz[2].txt
C:\Documents and Settings\Gijon\Cookies\gijon@www.pixmania[2].txt
C:\Documents and Settings\Gijon\Cookies\MM2048.DAT
C:\Documents and Settings\Gijon\Cookies\MM256.DAT
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_84189577062.bk
C:\WINDOWS\system32\WServing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing
-------\Legacy_NOBICYT
-------\Service_NOBICYT

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-23 20:55 . 2008-08-23 20:55 <REP> d-------- C:\Program Files\Trend Micro
2008-08-23 20:54 . 2004-12-01 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-08-23 20:54 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-23 20:54 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-08-23 20:54 . 2004-12-01 16:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-23 20:54 . 2008-08-23 21:37 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-08-23 20:54 . 2004-12-01 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-08-23 20:54 . 2004-12-01 16:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-08-23 20:54 . 2008-08-23 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-23 20:07 . 2008-08-23 20:07 <REP> d-------- C:\Program Files\Pack Securite
2008-08-23 20:07 . 2008-08-23 20:07 118,842 --a------ C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
2008-08-23 20:07 . 2008-08-23 20:07 31 --a------ C:\WINDOWS\warhead.ini
2008-08-23 17:21 . 2008-08-23 17:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-07-25 13:22 . 2008-07-25 13:22 665 --a------ C:\Documents and Settings\Gijon\Application Data\waver_2.95.dat
2008-07-25 13:19 . 2008-07-25 13:19 <REP> d-------- C:\Program Files\Flop
2008-07-25 13:19 . 2008-07-25 13:19 4 --a------ C:\WINDOWS\system32\qwolt.pdg
2008-07-25 11:35 . 2008-07-28 12:10 60,928 --a------ C:\WINDOWS\system32\msdcb.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 18:48 --------- d-----w C:\Documents and Settings\Gijon\Application Data\DNA
2008-08-23 17:08 --------- d-----w C:\Program Files\eMule
2008-08-23 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-24 22:02 --------- d-----w C:\Program Files\Cool MP3 Converter
2008-07-18 15:24 --------- d-----w C:\Program Files\Microsoft FrontPage Express
2008-07-17 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:44 --------- d-----w C:\Program Files\Gpotato.eu
2008-07-17 09:36 --------- d-----w C:\Documents and Settings\Gijon\Application Data\BitTorrent
2008-07-17 09:35 --------- d-----w C:\Program Files\CamStudio
2008-07-10 22:13 --------- d-----w C:\Documents and Settings\Gijon\Application Data\vlc
2008-07-10 22:12 --------- d-----w C:\Program Files\VideoLAN
2008-07-08 20:11 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Skype
2008-07-07 18:02 --------- d-----w C:\Program Files\Replay Converter
2008-07-07 18:02 --------- d-----w C:\Documents and Settings\Gijon\Application Data\GetRightToGo
2008-07-05 09:30 --------- d-----w C:\Program Files\Replay Media Catcher
2008-07-05 09:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-03 13:56 --------- d-----w C:\Documents and Settings\Gijon\Application Data\gtk-2.0
2008-07-01 11:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-01 08:42 --------- d-----w C:\Program Files\Windows Live
2008-07-01 08:42 --------- d-----w C:\Program Files\MSN Messenger
2008-07-01 08:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-28 17:16 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Samsung
2008-06-28 17:02 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-28 16:51 --------- d-----w C:\Program Files\Samsung
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 16:38 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-09-20 16:16 5,632 --sha-w C:\Program Files\Thumbs.db
2007-04-13 12:32 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-09-08 12:13 66,179,586 ----a-w C:\Program Files\partie online.fm
2005-04-04 15:11 760,173,456 ----a-w C:\Program Files\rld-sw4a.bin
2005-04-04 15:11 74 ----a-w C:\Program Files\rld-sw4a.cue
2005-03-17 15:45 56 --sh--r C:\WINDOWS\system32\9383173AC3.sys
2006-04-06 07:22 7,362 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-05 00:23 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-01 16:21 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.mxmc"= MimicICM.DLL
"VIDC.FMVC"= fmcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HdReg]
--a------ 2004-08-09 19:45 24576 C:\APPS\HDReg\HDRegApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-11-04 15:48 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 18:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 04:14 81920 c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-12-01 16:21 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10093:UDP"= 10093:UDP:port fm 1
"10094:TCP"= 10094:TCP:port fm 2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 mshlpkd;Microsoft File Mapping Service;C:\WINDOWS\system32\mshlp.exe [2004-08-05 15:00]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b64e937-5913-11da-9e9f-00ff00300101}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
HKLM-Run-VVSN - C:\Program Files\VVSN\VVSN.exe
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
MSConfigStartUp-HbTools - C:\Program Files\HbTools\Bin\4.7.2.1\HbtOEAddOn.exe
MSConfigStartUp-MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe
MSConfigStartUp-Microsoft Works Portfolio - C:\Program Files\Microsoft Works\WksSb.exe
MSConfigStartUp-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
MSConfigStartUp-Shareaza - C:\Program Files\Shareaza\Shareaza.exe
MSConfigStartUp-Steam - C:\Valve\Steam\Steam.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
MSConfigStartUp-URLLSTCK - C:\Program Files\Norton Internet Security\UrlLstCk.exe
MSConfigStartUp-WeatherOnTray - C:\Program Files\HbTools\Bin\4.7.2.1\HbtWeatherOnTray.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Gijon\Application Data\Mozilla\Firefox\Profiles\y5pm6d3x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.orange.fr
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 21:51:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-23 22:08:16 - machine was rebooted [Gijon]
ComboFix-quarantined-files.txt 2008-08-23 20:08:11

Pre-Run: 5,618,757,632 octets libres
Post-Run: 9,770,483,712 octets libres

270 --- E O F --- 2008-07-10 06:40:36

rapport combofix

ComboFix 08-08-21.02 - Gijon 2008-08-23 22:18:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.260 [GMT 2:00]
Endroit: C:\Documents and Settings\Gijon\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-23 20:55 . 2008-08-23 20:55 <REP> d-------- C:\Program Files\Trend Micro
2008-08-23 20:54 . 2004-12-01 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-23 20:54 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-23 20:54 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-23 20:54 . 2004-12-01 16:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-23 20:54 . 2008-08-23 21:37 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-08-23 20:54 . 2004-12-01 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-08-23 20:54 . 2004-12-01 16:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-08-23 20:54 . 2008-08-23 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-23 20:07 . 2008-08-23 20:07 <REP> d-------- C:\Program Files\Pack Securite
2008-08-23 20:07 . 2008-08-23 20:07 118,842 --a------ C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
2008-08-23 20:07 . 2008-08-23 20:07 31 --a------ C:\WINDOWS\warhead.ini
2008-08-23 17:21 . 2008-08-23 17:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-07-25 13:22 . 2008-07-25 13:22 665 --a------ C:\Documents and Settings\Gijon\Application Data\waver_2.95.dat
2008-07-25 13:19 . 2008-07-25 13:19 <REP> d-------- C:\Program Files\Flop
2008-07-25 13:19 . 2008-07-25 13:19 4 --a------ C:\WINDOWS\system32\qwolt.pdg
2008-07-25 11:35 . 2008-07-28 12:10 60,928 --a------ C:\WINDOWS\system32\msdcb.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 20:05 --------- d-----w C:\Documents and Settings\Gijon\Application Data\DNA
2008-08-23 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 17:08 --------- d-----w C:\Program Files\eMule
2008-08-23 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-24 22:02 --------- d-----w C:\Program Files\Cool MP3 Converter
2008-07-18 15:24 --------- d-----w C:\Program Files\Microsoft FrontPage Express
2008-07-17 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:44 --------- d-----w C:\Program Files\Gpotato.eu
2008-07-17 09:36 --------- d-----w C:\Documents and Settings\Gijon\Application Data\BitTorrent
2008-07-17 09:35 --------- d-----w C:\Program Files\CamStudio
2008-07-10 22:13 --------- d-----w C:\Documents and Settings\Gijon\Application Data\vlc
2008-07-10 22:12 --------- d-----w C:\Program Files\VideoLAN
2008-07-08 20:11 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Skype
2008-07-07 18:02 --------- d-----w C:\Program Files\Replay Converter
2008-07-07 18:02 --------- d-----w C:\Documents and Settings\Gijon\Application Data\GetRightToGo
2008-07-05 09:30 --------- d-----w C:\Program Files\Replay Media Catcher
2008-07-05 09:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-03 13:56 --------- d-----w C:\Documents and Settings\Gijon\Application Data\gtk-2.0
2008-07-01 11:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-01 08:42 --------- d-----w C:\Program Files\Windows Live
2008-07-01 08:42 --------- d-----w C:\Program Files\MSN Messenger
2008-07-01 08:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-28 17:16 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Samsung
2008-06-28 17:02 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-28 16:51 --------- d-----w C:\Program Files\Samsung
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 16:38 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-09-20 16:16 5,632 --sha-w C:\Program Files\Thumbs.db
2007-04-13 12:32 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-09-08 12:13 66,179,586 ----a-w C:\Program Files\partie online.fm
2005-04-04 15:11 760,173,456 ----a-w C:\Program Files\rld-sw4a.bin
2005-04-04 15:11 74 ----a-w C:\Program Files\rld-sw4a.cue
2005-03-17 15:45 56 --sh--r C:\WINDOWS\system32\9383173AC3.sys
2006-04-06 07:22 7,362 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-23_22.07.45,68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-28 10:10:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-23 20:02:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 20:15:41 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
%SystemRoot%\system32\VirtualExpander\VEShellExt.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-05 00:23 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-01 16:21 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

C:\Documents and Settings\Gijon\Menu D‚marrer\Programmes\D‚marrage\
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2007-08-30 00:27:41 434176]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.mxmc"= MimicICM.DLL
"VIDC.FMVC"= fmcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HdReg]
--a------ 2004-08-09 19:45 24576 C:\APPS\HDReg\HDRegApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-11-04 15:48 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 18:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 04:14 81920 c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-12-01 16:21 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10093:UDP"= 10093:UDP:port fm 1
"10094:TCP"= 10094:TCP:port fm 2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b64e937-5913-11da-9e9f-00ff00300101}]
\Shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Gijon\Application Data\Mozilla\Firefox\Profiles\y5pm6d3x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.orange.fr
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 22:23:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-08-23 22:25:47
ComboFix-quarantined-files.txt 2008-08-23 20:25:33
ComboFix2.txt 2008-08-23 20:08:18

Pre-Run: 9,763,172,352 octets libres
Post-Run: 9,748,832,256 octets libres

232 --- E O F --- 2008-07-10 06:40:36

ep44 · Answer

selectionne ceci


File::
C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe  
C:\WINDOWS\system32\msdcb.exe  
C:\WINDOWS\iun6002.exe       
C:\WINDOWS\IFinst27.exe       
C:\WINDOWS\system32\9383173AC3.sys  


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format. 
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci 
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  

@+

bnji17 · Answer

ComboFix 08-08-21.02 - Gijon 2008-08-23 23:05:08.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.222 [GMT 2:00]
Endroit: C:\Documents and Settings\Gijon\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gijon\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\9383173AC3.sys
C:\WINDOWS\system32\msdcb.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\9383173AC3.sys
C:\WINDOWS\system32\msdcb.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-23 20:55 . 2008-08-23 20:55 <REP> d-------- C:\Program Files\Trend Micro
2008-08-23 20:54 . 2004-12-01 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-23 20:54 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-23 20:54 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-23 20:54 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-23 20:54 . 2004-12-01 16:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-23 20:54 . 2008-08-23 21:37 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-08-23 20:54 . 2004-12-01 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-08-23 20:54 . 2004-12-01 16:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-08-23 20:54 . 2008-08-23 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-23 20:07 . 2008-08-23 20:07 <REP> d-------- C:\Program Files\Pack Securite
2008-08-23 20:07 . 2008-08-23 20:07 31 --a------ C:\WINDOWS\warhead.ini
2008-08-23 17:21 . 2008-08-23 17:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-07-25 13:22 . 2008-07-25 13:22 665 --a------ C:\Documents and Settings\Gijon\Application Data\waver_2.95.dat
2008-07-25 13:19 . 2008-07-25 13:19 <REP> d-------- C:\Program Files\Flop
2008-07-25 13:19 . 2008-07-25 13:19 4 --a------ C:\WINDOWS\system32\qwolt.pdg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 21:06 --------- d-----w C:\Documents and Settings\Gijon\Application Data\DNA
2008-08-23 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 17:08 --------- d-----w C:\Program Files\eMule
2008-08-23 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-24 22:02 --------- d-----w C:\Program Files\Cool MP3 Converter
2008-07-18 15:24 --------- d-----w C:\Program Files\Microsoft FrontPage Express
2008-07-17 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:44 --------- d-----w C:\Program Files\Gpotato.eu
2008-07-17 09:36 --------- d-----w C:\Documents and Settings\Gijon\Application Data\BitTorrent
2008-07-17 09:35 --------- d-----w C:\Program Files\CamStudio
2008-07-10 22:13 --------- d-----w C:\Documents and Settings\Gijon\Application Data\vlc
2008-07-10 22:12 --------- d-----w C:\Program Files\VideoLAN
2008-07-08 20:11 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Skype
2008-07-07 18:02 --------- d-----w C:\Program Files\Replay Converter
2008-07-07 18:02 --------- d-----w C:\Documents and Settings\Gijon\Application Data\GetRightToGo
2008-07-05 09:30 --------- d-----w C:\Program Files\Replay Media Catcher
2008-07-03 13:56 --------- d-----w C:\Documents and Settings\Gijon\Application Data\gtk-2.0
2008-07-01 11:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-01 08:42 --------- d-----w C:\Program Files\Windows Live
2008-07-01 08:42 --------- d-----w C:\Program Files\MSN Messenger
2008-07-01 08:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-28 17:16 --------- d-----w C:\Documents and Settings\Gijon\Application Data\Samsung
2008-06-28 17:02 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-28 16:51 --------- d-----w C:\Program Files\Samsung
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2007-09-20 16:16 5,632 --sha-w C:\Program Files\Thumbs.db
2007-04-13 12:32 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-09-08 12:13 66,179,586 ----a-w C:\Program Files\partie online.fm
2005-04-04 15:11 760,173,456 ----a-w C:\Program Files\rld-sw4a.bin
2005-04-04 15:11 74 ----a-w C:\Program Files\rld-sw4a.cue
2006-04-06 07:22 7,362 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-23_22.07.45,68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-28 10:10:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-23 20:02:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-07-28 10:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 20:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 20:15:41 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
%SystemRoot%\system32\VirtualExpander\VEShellExt.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-05 00:23 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-01 16:21 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

C:\Documents and Settings\Gijon\Menu D‚marrer\Programmes\D‚marrage\
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2007-08-30 00:27:41 434176]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.mxmc"= MimicICM.DLL
"VIDC.FMVC"= fmcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HdReg]
--a------ 2004-08-09 19:45 24576 C:\APPS\HDReg\HDRegApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-11-04 15:48 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 18:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 04:14 81920 c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-12-01 16:21 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10093:UDP"= 10093:UDP:port fm 1
"10094:TCP"= 10094:TCP:port fm 2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b64e937-5913-11da-9e9f-00ff00300101}]
\Shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 23:09:36
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-08-23 23:13:10
ComboFix-quarantined-files.txt 2008-08-23 21:12:05
ComboFix2.txt 2008-08-23 20:25:48
ComboFix3.txt 2008-08-23 20:08:18

Pre-Run: 9,698,881,536 octets libres
Post-Run: 9,685,307,392 octets libres

235 --- E O F --- 2008-07-10 06:40:36

ep44 · Answer

très bien

Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation 
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le 
=> Ensuite va en mode sans echec 


   Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
   Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport 

--------------------------

ensuite 

* Télécharge CCleaner 
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser 
http://www.swl1f.net/viewtopic.php?f=14&t=69

bnji17 · Answer

voici le rapport 
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 5.1.2600 Service Pack 2

09:09:19 2008-08-24
mbam-log-08-24-2008 (09-09-19).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 137637
Temps écoulé: 2 hour(s), 6 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ep44 · Answer

Bonjour 


pour la suite 

fait un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

Scan à faire sous Internet Explorer

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite un nouveau rapport hijack stp
@+

bnji17 · Answer

j'ai fait le scan avec bitdefender j'ai enregistré le rapport mais lorsque je l'ouvre c'est vide il n'y a rien 
j'ai refais un scan hijack le voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28, on 2008-08-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O18 - Protocol: bw+0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {03FEC2B6-E33D-4611-8D6B-3E99E51A64C6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

ep44 · Answer

va dans le panneau de config et désinstalle  le programme le Desktop Messeger.

Ensuite 

Relance HijackThis et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases 

O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab 
 O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab 

Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked" 


redémarre ton PC et dit moi si tu as encore des soucis

bnji17 · Answer

je viens de redémarrer et apparemment tout fonctionne bien
Penses tu que je devrais prendreun autre antivirus que Avast? 
En tous cas merci beaucoup de ton aide , vraiment merci pour m'avoir aider à remettre mon pc sur pied ;)

ep44 · Answer

pour lantivirus oui je pense qu'il y a beaucoup mieux 

regarde ceci 
http://www.swl1f.net/viewtopic.php?f=14&t=59

bnji17 · Answer

ok j'ai désinstalé avast la et je viens d'installer Avia Antivir il est  vrai qu'avec avast j'ai eu quelques soucis donc je vais tester celui la 
Merci encore pour tout !

ep44 · Answer

oki ;)

Si tu n'a plus de soucis 

Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier


ensuite fait ceci (IMPORTANT)

* Désactivation :
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

* Activation :
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..



      Pense aussi à faire tes mises à jours régulièrement

      Windows update : ==> ici =>http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      Java : ==> ici => https://www.java.com/fr/download/

      Ces mises à jours sont très importantes pour la sécurité de ton PC.



      N'installe qu'un seul parefeu !!
      et bien sur qu'un antivirus

      N'oublie pas de faire régulièrement les mises à jour de tes logiciels avant chaque scan.

    * Tu peux aussi utiliser ces logiciels de sécurité

      Malwarebytes => C'est un anti-malwares gratuit et en français, tu devras une fois installer le lancer périodiquement pour contrôler ton PC.
      Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=68

      Spyware Terminator => C'est un anti-spyware gratuit et en français, Il travaillera automatiquement grâce à son module résident, tu pourras le programmer pour effectuer un scan journalier.
     Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=66




    * Ensuite quelques conseils
      L'infection de ton pc peut se faire de différente façon, voici en quelques lignes plusieurs points à éviter. ==> ici =>http://www.swl1f.net/viewtopic.php?f=14&t=67



    * le navigateur

      Essaye le navigateur Firefox plus sur/securisé qu IE
      Firefox n'utilise pas le dangereux protocole ActiveX
    * Téléchargement: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
    * Tutorial pour le sécuriser: ==> ici =>https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/



      Important
      Surfez avec les droits administrateurs sur le net te rend vulnérable, il faut donc utiliser un autre compte que celui de l'administrateur





    * Pour que ton pc retrouve un peu de jeunesse
    * Pense a lancer une petite défragmentation.
    * Utilise CCleaner régulièrement.
    * Gère tes services grâce a ces 2 liens
      ==> ici => http://speedweb1.free.fr/frames2.php?page=service3 et ==> ici => http://speedweb1.free.fr/frames2.php?page=service4
    * Utilise Zeb Utility
      une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
      Téléchargement : ==> ici ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
      Tuto : ==> ici => https://www.zebulon.fr/dossiers/autres/58-zebutility.html






Et pour finir


Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection

- Voir les règles du forum : ==> ici => https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).


* malwarecomplaints => https://malwarecomplaints.info/

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
conforme au règle du forum (age, ville, département etc..)


Indique aussi le nom du Forum qui t'a aidé 

* Tuto => http://www.malekal.com/malwarecomplaints.html

@+

Win32

17 réponses

Votre réponse

Discussions similaires

Newsletters