infectée par virus et trojan (brastk...) Fermé

Question

Bonjour,

j'ai chopé des saletés
avast m'a deja signalé (et j'ai suprimé ) :
c: windows system 32 drivers beep.sys
c: system 32 brastk.exe
c: windows brastk.exe
et j'ai relevé un des noms de virus (il y avait aussi un trojan) win32.lighty-B "crochet"Cryp"crochet

je suis entrain de scanner avec avast, a squared spybot s and d, avg anti spyware, fsecure
et j'ai deja suprimé des rootkit avec avg anti rootkit
j'ai suprimé ausis avec smit fraudix
cependant ma page internet explorer veut toujours se mettre avec google en demarage

voici mon scan hijackthis (j'ai voulu le mettre sur la page qui explique ce qu'il faut enlever,mais il me dit que je n'ai ni antivirus ni firewall et que mon pc n'est pas a jour, ce qui est faut et je n'arrive odnc pas a acceder a la page )

merci pour v otre aide
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Combo Set Driver\MouseDrv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Multimedia Combo Set Driver\PS2USBKbdDrv.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\5JuMIkH.exe
C:\PROGRAM FILES\A-SQUARED FREE\A2FREE.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sylvia\Bureau\fsbl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: bw+0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {98CA92F2-E321-450D-A001-D65B16628E0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Destrio5 · Answer

Salut,

---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
- Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
- Redémarre ton ordinateur en mode sans échec.

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ton compte.

---> Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

jacques.gache · Answer

bonjour, pour ta page d'acceuil d'internet explorer dont on ignore la version car tu n'as pas mis l'entête du rapport hijackthis qui nous permet de savoir la version de ton IE et celle de hijackthis des fois quel soit périmé et ça peux fosser la lecture , as tu été une fois IE ouvert dans outils , options internet et la changer dans le cadre prévu pour cela.
sinon dans un premier temps tu relances hijackthis comme expliqué pour Fixer les lignes

.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux 
.Lances HijackThis 
.Cliques sur "Do a system scan only" 
.Tu coches les lignes suivantes : 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe 
 ET PUIS TOUTES LES LIGNES 018

.Tu cliques sur "Fix Checked" 
.Tu fermes HijackThis 

des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

******************************************************************************************

postes un nouveau hijackthis mais avec l'entête, Merci

sylviabiscotte · Answer

bonjour et merci Destrio et Jacques

j'ai internet exploreur 7, je pensé que c'est noté dans mon profil, desolee

j'ai scanné mon ordi jusqu'a tot ce matin, suprimé pas mal de saletés et là j'ai fait ce que vous m'avez demandé
a savoir le scan en sans echec avec sdfix
j'ai refai un scan aussi avec smitfraudfix (qui m'avait deja trouvé des saletés hier)
j'ai fait le menage dansl e log hijack
voici les trois rapports (sdfix puis smitfraudfix et hijak
j'espere etre debarrassée, si vous pouviez voir si c'est ok ? merci

RAPPORT SDFIX :


[b]SDFix: Version 1.237 [/b]
Run by Sylvia on 24/10/2008 at 12:54

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\WINDOWS\system32\wini10801.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware 

detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 13:04:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedacc

ess\parameters\firewallpolicy\standardprofile\authorizedapplica

tions\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.

exe:*:enabled:@xpsp2res.dll,-22019"
"J:\SAUVEGARDE 13 DECEMBRE 

2007\TELECHARGEMENT\incredimail_install.exe"="J:\SAUVEGARDE 

13 DECEMBRE 

2007\TELECHARGEMENT\incredimail_install.exe:*:Enabled:Incredi

Mail Installer"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:E

nabled:Kaspersky AV Scanner"
"C:\Documents and Settings\Sylvia\Local 

Settings\Temp\ImInstaller\IncrediMail\incredimail_install.e

xe"="C:\Documents and Settings\Sylvia\Local 

Settings\Temp\ImInstaller\IncrediMail\incredimail_install.e

xe:*:Enabled:IncrediMail Installer"
"%windir%\Network 

Diagnostic\xpnetdiag.exe"="%windir%\Network 

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Sylvia\Local Settings\Temporary 

Internet 

Files\Content.IE5\5OFAWR9J\incredimail_install[1].exe"="C:\

Documents and Settings\Sylvia\Local Settings\Temporary 

Internet 

Files\Content.IE5\5OFAWR9J\incredimail_install[1].exe:*:Enab

led:IncrediMail Installer"
"C:\Documents and Settings\Sylvia\Local 

Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1

].exe"="C:\Documents and Settings\Sylvia\Local 

Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1

].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Sylvia\Local Settings\Temporary 

Internet 

Files\Content.IE5\5OFAWR9J\incredimail_incredimail_build_308

8_francais_10318[1].exe"="C:\Documents and 

Settings\Sylvia\Local Settings\Temporary Internet 

Files\Content.IE5\5OFAWR9J\incredimail_incredimail_build_308

8_francais_10318[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program 

Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program 

Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program 

Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\

\Program Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Dis

abled:Logitech Desktop Messenger"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WI

NDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assis

tance … distance - Windows Messenger et voix"
"C:\Program Files\Windows 

Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows 

Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows 

Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows 

Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program 

Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program 

Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedacc

ess\parameters\firewallpolicy\domainprofile\authorizedapplicati

ons\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.

exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network 

Diagnostic\xpnetdiag.exe"="%windir%\Network 

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\

\Program Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Ena

bled:Logitech Desktop Messenger"
"C:\Program Files\Windows 

Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows 

Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows 

Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows 

Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu  5 Aug 2004        94,864 ..SH. --- "C:\WINDOWS	wain.dll"
Mon 14 Apr 2008        50,688 ..SH. --- 

"C:\WINDOWS	wain_32.dll"
Sun  9 Dec 2007             0 A.SH. --- 

"C:\WINDOWS\SMINST\HPCD.sys"
Mon 14 Apr 2008     1,028,096 A.SH. --- 

"C:\WINDOWS\system32\mfc42.dll"
Mon 14 Apr 2008        57,344 ..SH. --- 

"C:\WINDOWS\system32\msvcirt.dll"
Mon 14 Apr 2008       413,696 A.SH. --- 

"C:\WINDOWS\system32\msvcp60.dll"
Mon 14 Apr 2008       343,040 A.SH. --- 

"C:\WINDOWS\system32\msvcrt.dll"
Mon 14 Apr 2008       551,936 ..SH. --- 

"C:\WINDOWS\system32\oleaut32.dll"
Mon 14 Apr 2008        84,992 A.SH. --- 

"C:\WINDOWS\system32\olepro32.dll"
Mon 14 Apr 2008        12,288 ..SH. --- 

"C:\WINDOWS\system32egsvr32.exe"
Thu  5 Aug 2004        12,288 ..SH. --- "C:\Program 

Files\MUSICMATCH\Musicmatch Jukebox\MMComReg.exe"

[b]Finished![/b]

RAPPORT SMITFRAUDFIX :

SmitFraudFix v2.148

Rapport fait à 13:11:27,01, 24/10/2008
Executé à partir de C:\Documents and 

Settings\Sylvia\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément 

infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément 

infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 

NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément 

infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


RAPPORT HIJACKTHIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:23, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Multimedia Combo Set Driver\MouseDrv.exe
C:\Program Files\Multimedia Combo Set Driver\PS2USBKbdDrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS
otepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.mc243.mail.yahoo.com/mc/showFolder?fid=Inbox&.rand=128214909&da=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Destrio5 · Answer

- Télécharge et installe Malwarebytes' Anti-Malware  :
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

- Mets-le à jour.

- Redémarre en mode sans échec (Recommandé) :
https://blog.sosordi.net/

- Choisis ta session habituelle.

- Fais un scan complet avec Malwarebytes' Anti-Malware .

- Supprime tout ce que le logiciel trouve, enregistre le rapport.

- Redémarre en mode normal et poste le rapport ici.

Destrio5 · Answer

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt

sylviabiscotte · Answer

voila le rapport : (J: etant mon disque dur externe, est il normal que "aurorun" ait été supprimé ???) merci ComboFix 08-11-01.01 - Sylvia 2008-11-02 11:21:12.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1449 [GMT 0:00] Lancé depuis: C:\Documents and Settings\Sylvia\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\ODCTOOLS C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab C:\WINDOWS\system32\_000007_.tmp.dll C:\WINDOWS\system32\TDSSlrvd.dat J:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-02 au 2008-11-02 )))))))))))))))))))))))))))))))))))) . 2008-10-28 19:31 . 2008-10-28 19:31 d-------- C:\Program Files\Apple Software Update 2008-10-28 19:30 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll 2008-10-28 19:30 . 2008-04-17 12:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2008-10-28 19:29 . 2008-10-28 19:30 d-------- C:\Program Files\iTunes 2008-10-28 19:29 . 2008-10-28 19:29 d-------- C:\Program Files\iPod 2008-10-28 19:29 . 2008-10-28 19:29 d-------- C:\Program Files\Bonjour 2008-10-28 19:29 . 2008-10-28 19:30 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-28 19:22 . 2008-10-28 19:23 d-------- C:\Program Files\QuickTime 2008-10-28 19:22 . 2008-10-28 19:29 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-10-28 14:25 . 2008-10-28 14:25 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-10-27 22:17 . 2008-10-27 22:17 d-------- C:\Program Files\FTP 2008-10-26 21:30 . 2008-10-26 21:31 d-------- C:\Program Files\TeamSpeak3 2008-10-25 19:31 . 2008-10-25 19:31 d-------- C:\Documents and Settings\All Users\Application Data\IM 2008-10-25 19:30 . 2008-10-25 19:30 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-10-24 12:54 . 2008-10-24 12:54 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-10-24 12:50 . 2008-10-24 12:51 d-------- C:\WINDOWS\ERUNT 2008-10-23 20:10 . 2008-10-15 16:35 337,408 -----c--- C:\WINDOWS\system32\dllcache etapi32.dll 2008-10-23 19:36 . 2008-10-24 13:09 d-------- C:\SDFix 2008-10-23 19:22 . 2008-10-24 18:21 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-23 19:22 . 2008-10-23 19:22 d-------- C:\Documents and Settings\Sylvia\Application Data\Malwarebytes 2008-10-23 19:22 . 2008-10-23 19:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-23 19:22 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-23 19:22 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-23 15:02 . 2008-10-23 15:02 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Neopets Toolbar 2008-10-18 10:07 . 2008-10-18 10:07 d-------- C:\Documents and Settings\Sylvia\Application Data\Uniblue 2008-10-16 11:53 . 2008-08-14 13:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache toskrnl.exe 2008-10-16 11:53 . 2008-08-14 13:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache tkrnlmp.exe 2008-10-16 11:53 . 2008-08-14 13:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache tkrnlpa.exe 2008-10-16 11:53 . 2008-08-14 13:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache tkrpamp.exe 2008-10-16 11:53 . 2008-09-15 15:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-16 11:53 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-09 00:47 . 2008-10-09 00:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-10-04 12:22 . 2008-10-04 12:22 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm 2008-10-04 12:21 . 2008-10-04 12:21 d-------- C:\Program Files\Siber Systems . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-02 11:26 51,079,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-11-02 01:20 598,772 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-10-28 19:30 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Apple Computer 2008-10-28 19:24 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-10-28 19:23 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-10-26 21:42 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire 2008-10-25 19:30 --------- d-----w C:\Program Files\IncrediMail 2008-10-24 13:14 4,092 ----a-w C:\WINDOWS\system32 mp.reg 2008-10-24 02:21 --------- d-----w C:\Program Files\SpywareBlaster 2008-10-24 02:19 --------- d-----w C:\Program Files\Xfire 2008-10-24 02:16 --------- d-----w C:\Program Files\SpywareGuard 2008-10-24 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-24 02:06 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-10-24 01:07 --------- d-----w C:\Program Files\a-squared Free 2008-10-23 18:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-10-14 17:54 --------- d-----w C:\Program Files\DivX 2008-09-29 22:41 --------- d-----w C:\Program Files\Windows Desktop Search 2008-09-19 11:40 --------- d-----w C:\Program Files\Windows Live 2008-09-19 11:38 --------- d-----w C:\Program Files\Microsoft 2008-09-19 11:34 --------- d-----w C:\Program Files\Fichiers communs\Windows Live 2008-09-18 11:47 --------- d-----w C:\Program Files\Winamp 2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll 2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-14 22:01 --------- d-----w C:\Program Files\Dictionnaire 2008-09-09 22:57 --------- d-----w C:\Program Files\RarZilla Free Unrar 2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-09-03 18:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2008-08-29 09:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 08:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-21 10:39 5,986,133 ----a-w C:\WINDOWS\Internet Logs vDebug.zip 2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32 toskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32 tkrnlpa.exe 2004-08-05 19:00 94,864 --sh--w C:\WINDOWS wain.dll 2008-04-14 02:33 50,688 --sh--w C:\WINDOWS wain_32.dll 2007-12-09 11:25 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys 2008-04-14 02:33 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2008-04-14 02:33 57,344 --sh--w C:\WINDOWS\system32\msvcirt.dll 2008-04-14 02:33 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2008-04-14 02:33 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2008-04-14 02:33 551,936 --sh--w C:\WINDOWS\system32\oleaut32.dll 2008-04-14 02:33 84,992 --sha-w C:\WINDOWS\system32\olepro32.dll 2008-04-14 02:34 12,288 --sh--w C:\WINDOWS\system32 egsvr32.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="\Program\" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-10-04 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992] "WireLessMouse"="C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe" [2005-11-30 94208] "WireLessKeyboard"="C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe" [2005-11-30 94208] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-07-19 53248] "Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-07-18 99600] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824] "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32 wiz.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\Sylvia\Menu D‚marrer\Programmes\D‚marrage\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-19 528384] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\IncrediMail\bin\ImApp.exe"= "C:\Program Files\IncrediMail\bin\IncMail.exe"= "C:\Program Files\IncrediMail\bin\ImpCnt.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944] R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\wd_windows_tools\WDSetup.exe *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Sylvia\Application Data\Mozilla\Firefox\Profiles\466b0t8x.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.mc236.mail.yahoo.com/mc/welcome?.rand=bfpq7k5if858d FF -: plugin - C:\Program Files\Virtools\3D Life Player pvirtools.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-02 11:26:11 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-02 11:27:36 ComboFix-quarantined-files.txt 2008-11-02 11:27:27 Avant-CF: 289 387 831 296 octets libres Après-CF: 289,797,332,992 octets libres 208 --- E O F --- 2008-10-24 02:02:51

Destrio5 · Answer

"voila le rapport : (J: etant mon disque dur externe, est il normal que "aurorun" ait été supprimé ???)"
---> Oui.

---> Poste un nouveau rapport HijackThis.

Destrio5 · Answer

---> Mets à jour Java :
https://www.java.com/fr/download/manual.jsp

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs sans sauvegarder la base de registre.

---> Poste un nouveau rapport HijackThis.

Destrio5 · Answer

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"     

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"     

O4 - HKCU\..\Run: [LDM] \Program\ 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose (Pareil pour Spybot).

---> Redémarre ton PC et poste un dernier rapport HijackThis.

Destrio5 · Answer

As-tu encore des problèmes ?

Destrio5 · Answer

Que se passe-t-il avec ton imprimante ?

sylviabiscotte · Answer

et bien malgré les netoyages, mes cartouches imprimes striées et tirant vers le rose... voici le lien :

http://www.commentcamarche.net/forum/affich 7296921 imprimante hp psc 750 imprime mal
merci

Infectée par virus et trojan (brastk...)

12 réponses

Discussions similaires

Newsletters