TROJAN INFECTIONS - HijackThis report

Resolved/Closed
sab.dac - 13 Dec. 2008 at 19:30
sab.dac Posts 69 Registration date Saturday 6 December 2008 Status Member Last activity 5 July 2012 - 16 Dec. 2008 at 11:51
Hello,

For the past few days, crash reports have been appearing every time I close the internet.
I have just run PC Tools Spyware Doctor. It detects several Trojan infections:
- Trojan.PWS.Tanspy
- Trojan.Spy.delf.UC

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:48, on 13/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
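
The first-pass triage a helper does by eye on a log like the one above can be scripted. The Python below is an added example, not part of the original thread and not HijackThis code; the function names and the temp-directory heuristic are assumptions, and the sample is a shortened excerpt of lines from the log above.

```python
import re
from collections import defaultdict

# Shortened excerpt of lines taken from the HijackThis v2.0.2 log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:48, on 13/12/2008

Running processes:
C:\Windows\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Doctor\swdoctor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: bw+0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Section codes as they appear at the start of each entry line (R0, O2, O23, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O18 body: "Protocol: <scheme> - {CLSID} - <handler file>"
O18_RE = re.compile(r"^Protocol: (.+?) - (\{[^}]+\}) - (.+)$")
# Assumption of this example: anything loaded from a temp directory deserves a look.
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)


def parse_log(text):
    """Split a log into (running_processes, entries); entries are (code, body)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # some logs have no blank line after the process list
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif in_procs:
            in_procs = False  # blank line ends the process list
    return processes, entries


def triage_entry(code, body):
    """Return the reasons (possibly none) why an entry should be reviewed."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registration points to no file")
    if body.endswith("(file missing)"):
        reasons.append("target binary missing")
    if TEMP_RE.search(body):
        reasons.append("loads from a temp directory")
    return reasons


def collapse_protocols(entries):
    """Group O18 handlers by (CLSID, file) so repeated schemes read as one item."""
    groups = defaultdict(list)
    for code, body in entries:
        match = O18_RE.match(body) if code == "O18" else None
        if match:
            scheme, clsid, target = match.groups()
            groups[(clsid, target)].append(scheme)
    return dict(groups)


def triage(text):
    """Parse a log and return the items a reviewer should look at first."""
    processes, entries = parse_log(text)
    flagged = []
    for code, body in entries:
        reasons = triage_entry(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return {
        "process_count": len(processes),
        "entry_count": len(entries),
        "flagged": flagged,
        "protocol_groups": collapse_protocols(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, body, reasons in report["flagged"]:
        print(f"[{code}] {', '.join(reasons)}: {body}")
    for (clsid, target), schemes in report["protocol_groups"].items():
        print(f"[O18] {len(schemes)} scheme(s) -> {clsid} {target}")
```

A flagged entry is a prompt for review, not a verdict: an orphaned BHO or a service with a missing binary is often just the leftover of an uninstalled product.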

65 replies

sab.dac Posts 69 Registration date Saturday 6 December 2008 Status Member Last activity 5 July 2012 21
15 Dec. 2008 at 13:58
My mistake... I have just had another Mozilla crash report.

What is causing it?

Is it the virus?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
15 Dec. 2008 at 14:25
Do it again:

Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include the beginning, :processus)

:processus
explorer.exe
:files
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_________________________
0
sab.dac Posts 69 Registration date Saturday 6 December 2008 Status Member Last activity 5 July 2012 21
15 Dec. 2008 at 14:40
It still gives me [error] for the first 2 commands!!!

The report:

Error: Unable to interpret <:processus> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
DllUnregisterServer procedure not found in c:\users\marlene\AppData\Local\Temp\IadHide5.dll
c:\users\marlene\AppData\Local\Temp\IadHide5.dll NOT unregistered.
c:\users\marlene\AppData\Local\Temp\IadHide5.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\marlene\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_143431

Files moved on Reboot...
C:\Users\marlene\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
15 Dec. 2008 at 14:42
Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
C:\Users\marlene\AppData\Local\Temp\ehmsas.txt
C:\Windows\temp\_avast4_\Webshlock.txt

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file.

Click the CFscript file, hold the button down and drag the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report.

If the file does not open, it can be found here > C:\ComboFix.txt
0

sab.dac Posts 69 Registration date Saturday 6 December 2008 Status Member Last activity 5 July 2012 21
15 Dec. 2008 at 14:54
When I download ComboFix, it does not go to my desktop and I cannot choose the location during the download!
So I created a shortcut on the desktop and I am going to drag and drop the instructions you gave me.

I will paste the report for you afterwards.
0
sab.dac Posts 69 Registration date Saturday 6 December 2008 Status Member Last activity 5 July 2012 21
15 Dec. 2008 at 15:07
Once I had dragged and dropped your commands, ComboFix started straight away. I did not have to type 1 or 2.
While the report was being prepared, a Microsoft Windows window opened: "FindString(QGREP) a cessé de fonctionner". Just like the last time you had me use ComboFix.

Here is the report:

ComboFix 08-12-14.04 - marlene 2008-12-15 14:52:26.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1013.377 [GMT 1:00]
Lancé depuis: c:\users\marlene\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\marlene\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.

2008-12-15 13:51 . 2008-12-15 13:51 <REP> d-------- c:\program files\CCleaner
2008-12-15 11:10 . 2008-12-15 11:10 <REP> d-------- C:\_OTMoveIt
2008-12-14 14:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-14 14:57 . 2008-12-14 14:57 <REP> d-------- c:\program files\Panda Security
2008-12-11 23:54 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 21:04 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 21:03 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 21:03 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 21:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 21:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 21:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 21:01 . 2008-10-16 03:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-11 21:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 21:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-06 18:48 . 2008-12-06 18:48 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-06 18:46 . 2008-12-06 18:48 <REP> d-------- c:\users\marlene\{76c580e5-91fb-4a05-82b9-41ed5b006121}
2008-11-29 14:47 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-29 14:47 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-29 14:47 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-29 14:47 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-29 14:47 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-18 17:02 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 17:02 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 17:02 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 17:02 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 17:01 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 17:01 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 17:01 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 17:01 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 17:01 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 15:41 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-15 15:41 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-15 15:41 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-15 15:33 . 2008-11-15 15:33 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 18:17 --------- d-----w c:\program files\CONEXANT
2008-12-12 09:57 --------- d-----w c:\program files\Windows Mail
2008-12-11 20:56 --------- d-----w c:\program files\+-DicoScrabble-+
2008-12-06 17:25 --------- d-----w c:\program files\Spyware Doctor
2008-12-06 17:25 --------- d-----w c:\program files\lx_cats
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-03 16:27 --------- d-----w c:\program files\Neuf
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 14:05 174 --sha-w c:\program files\desktop.ini
2008-09-30 13:24 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-30 13:24 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-27 13:24 2,902 ----a-w c:\users\marlene\AppData\Roaming\wklnhst.dat
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-14_18.33.07,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 17:24:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-15 13:36:03 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-14 17:24:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-15 13:36:03 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-14 17:26:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-15 13:37:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-15 13:37:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-14 17:25:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-15 13:37:52 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-15 13:37:52 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-14 17:26:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-15 12:52:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-14 17:26:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 12:52:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 17:26:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-15 12:52:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-14 17:28:33 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-15 13:51:34 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-10-25 18:34:16 324,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-15 10:52:03 324,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-15 09:46:21 2,456 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_24.bin
+ 2008-12-15 09:46:21 4,280 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_32.bin
+ 2008-12-15 09:46:21 9,560 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_48.bin
- 2008-12-14 17:27:01 10,976 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783075968-4130472836-2407510724-1000_UserData.bin
+ 2008-12-15 13:38:13 10,976 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783075968-4130472836-2407510724-1000_UserData.bin
- 2008-12-14 17:27:01 60,642 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-15 13:38:12 60,786 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-14 17:26:59 46,262 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-15 13:38:10 46,478 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-19 36864]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SDTray"="c:\program files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 1053264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-19 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 20:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-12-04 12:39 46704 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 09:32 472800 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 20:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 20:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 10:58 159744 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-12-02 16:32 167936 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-20 07:01 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:50 1021224 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2006-10-18 09:56 317152 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{1E4129A5-EC96-4023-B0A0-2DB69C56782B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3ECAB5DC-1984-4685-856C-B84C6E9545E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A6BAE491-DF9A-4214-8020-5599E9F9A572}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F770603F-1EF2-48A3-854E-9D39AFE2C38C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{25B7F735-23C5-4F69-A260-273EEC3DE094}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{20E0346B-D12F-4C47-B775-55F7B9B31FC2}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{D6573B89-E752-4355-87BB-D818F2C2FCD3}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Browser
"{B969EFF8-F975-46DA-B0F3-E456EDE9EECA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Browser
"{E4D1EABC-690D-4D30-80BC-2CFDB3A29928}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{3AC41D49-37FD-4626-AA65-BAE54532EC77}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{16E402F8-D8C3-4D0A-89C7-B47DFA9B91CC}"= UDP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{0DD37103-69A5-414B-ACFE-521DAFF1C6DA}"= TCP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{1372C7FB-CEA4-4DC9-8EC8-190DE3031FD6}"= UDP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{166F7794-2C9E-487F-8C89-3F68731C294C}"= TCP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{A71D3177-D8EA-4646-9A92-3063658E9E07}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C8AF94C9-7B28-444A-8847-338C3397D035}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{88E69979-E3E0-4EA8-8746-35FB213D7E59}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{499EBCCD-D14F-4EE1-BD62-4D7E21A2E965}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{1512AB64-A15A-4115-9FFE-0952AD00BAD3}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F86E9170-64CE-415D-A635-1840F09796DE}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-14 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-08-03 51792]
R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-08-03 708688]
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\User_Feed_Synchronization-{EC20444E-8575-437F-9B82-75D3461B8EF3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 14:56:32
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5648)
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
.
Heure de fin: 2008-12-15 15:03:20
ComboFix-quarantined-files.txt 2008-12-15 14:03:06
ComboFix2.txt 2008-03-29 15:47:57

Avant-CF: 43 402 358 784 octets libres
Après-CF: 42,636,161,024 octets libres

228 --- E O F --- 2008-12-13 18:18:47
jlpjlp (Security contributor) - 15 Dec. 2008 at 15:15
Download and install:

KillBox
https://www.bleepingcomputer.com/download/linux/


KillBox help
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm


- Restart in safe mode; if you don't know how to do that, read this

- Double-click fix.reg

Open KillBox
- Select "delete on reboot"
- Click the yellow folder on the right and select the file:

c:\users\marlene\AppData\Local\Temp\IadHide5.dll

- Click the red and white cross
- Answer yes and let your PC restart.
Don't hesitate to consult the KillBox help


__________________

Then run CCleaner in safe mode



Restart and post a new ComboFix report for me
sab.dac - 15 Dec. 2008 at 15:15
The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:17, on 15/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5335AAD0-4C78-4D6E-8A8C-70EB71006376} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

jlpjlp (Security contributor) - 15 Dec. 2008 at 15:17
Do message 28.

sab.dac (Member) - 15 Dec. 2008 at 15:55
Everything went normally except, once again, at the point where the ComboFix report is created (the same message as earlier).

ComboFix 08-12-14.04 - marlene 2008-12-15 15:37:04.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1013.374 [GMT 1:00]
Lancé depuis: c:\users\marlene\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.

2008-12-15 15:27 . 2008-12-15 15:30 <REP> d-------- C:\!KillBox
2008-12-15 13:51 . 2008-12-15 13:51 <REP> d-------- c:\program files\CCleaner
2008-12-15 11:10 . 2008-12-15 11:10 <REP> d-------- C:\_OTMoveIt
2008-12-14 14:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-14 14:57 . 2008-12-14 14:57 <REP> d-------- c:\program files\Panda Security
2008-12-11 23:54 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 21:04 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 21:03 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 21:03 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 21:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 21:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 21:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 21:01 . 2008-10-16 03:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-11 21:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 21:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-06 18:48 . 2008-12-06 18:48 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-06 18:46 . 2008-12-06 18:48 <REP> d-------- c:\users\marlene\{76c580e5-91fb-4a05-82b9-41ed5b006121}
2008-11-29 14:47 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-29 14:47 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-29 14:47 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-29 14:47 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-29 14:47 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-18 17:02 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 17:02 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 17:02 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 17:02 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 17:01 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 17:01 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 17:01 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 17:01 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 17:01 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 15:41 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-15 15:41 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-15 15:41 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-15 15:33 . 2008-11-15 15:33 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 18:17 --------- d-----w c:\program files\CONEXANT
2008-12-12 09:57 --------- d-----w c:\program files\Windows Mail
2008-12-11 20:56 --------- d-----w c:\program files\+-DicoScrabble-+
2008-12-06 17:25 --------- d-----w c:\program files\Spyware Doctor
2008-12-06 17:25 --------- d-----w c:\program files\lx_cats
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-03 16:27 --------- d-----w c:\program files\Neuf
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 14:05 174 --sha-w c:\program files\desktop.ini
2008-09-30 13:24 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-30 13:24 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-27 13:24 2,902 ----a-w c:\users\marlene\AppData\Roaming\wklnhst.dat
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-14_18.33.07,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 17:24:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-15 14:33:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-14 17:24:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-15 14:33:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-14 17:26:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-15 14:34:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-15 14:34:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-14 17:25:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-15 14:34:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-15 14:34:46 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-14 17:26:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-15 13:58:13 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-14 17:26:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 13:58:13 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 17:26:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-15 13:58:13 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-14 17:28:33 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-15 14:36:39 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-10-25 18:34:16 324,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-15 14:23:32 324,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-15 09:46:21 2,456 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_24.bin
+ 2008-12-15 09:46:21 4,280 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_32.bin
+ 2008-12-15 09:46:21 9,560 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_48.bin
- 2008-12-14 17:27:01 10,976 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783075968-4130472836-2407510724-1000_UserData.bin
+ 2008-12-15 14:36:15 10,976 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783075968-4130472836-2407510724-1000_UserData.bin
- 2008-12-14 17:27:01 60,642 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-15 14:36:14 60,818 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-14 17:26:59 46,262 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-15 14:35:54 46,478 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-19 36864]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SDTray"="c:\program files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 1053264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-19 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 20:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-12-04 12:39 46704 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 09:32 472800 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 20:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 20:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 10:58 159744 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-12-02 16:32 167936 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-20 07:01 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:50 1021224 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2006-10-18 09:56 317152 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{1E4129A5-EC96-4023-B0A0-2DB69C56782B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3ECAB5DC-1984-4685-856C-B84C6E9545E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A6BAE491-DF9A-4214-8020-5599E9F9A572}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F770603F-1EF2-48A3-854E-9D39AFE2C38C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{25B7F735-23C5-4F69-A260-273EEC3DE094}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{20E0346B-D12F-4C47-B775-55F7B9B31FC2}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{D6573B89-E752-4355-87BB-D818F2C2FCD3}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Browser
"{B969EFF8-F975-46DA-B0F3-E456EDE9EECA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Browser
"{E4D1EABC-690D-4D30-80BC-2CFDB3A29928}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{3AC41D49-37FD-4626-AA65-BAE54532EC77}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{16E402F8-D8C3-4D0A-89C7-B47DFA9B91CC}"= UDP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{0DD37103-69A5-414B-ACFE-521DAFF1C6DA}"= TCP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{1372C7FB-CEA4-4DC9-8EC8-190DE3031FD6}"= UDP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{166F7794-2C9E-487F-8C89-3F68731C294C}"= TCP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{A71D3177-D8EA-4646-9A92-3063658E9E07}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C8AF94C9-7B28-444A-8847-338C3397D035}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{88E69979-E3E0-4EA8-8746-35FB213D7E59}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{499EBCCD-D14F-4EE1-BD62-4D7E21A2E965}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{1512AB64-A15A-4115-9FFE-0952AD00BAD3}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F86E9170-64CE-415D-A635-1840F09796DE}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-14 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-08-03 51792]
R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-08-03 708688]
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\User_Feed_Synchronization-{EC20444E-8575-437F-9B82-75D3461B8EF3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:41:45
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5856)
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
.
Heure de fin: 2008-12-15 15:47:31
ComboFix-quarantined-files.txt 2008-12-15 14:47:13
ComboFix2.txt 2008-12-15 14:03:23
ComboFix3.txt 2008-03-29 15:47:57

Avant-CF: 42 566 438 912 octets libres
Après-CF: 42,533,965,824 octets libres

228 --- E O F --- 2008-12-13 18:18:47

sab.dac (Member) - 15 Dec. 2008 at 15:59
I got yet another Mozilla crash report.

I'm starting to get seriously annoyed!!!

What's causing it????

jlpjlp (Security contributor) - 15 Dec. 2008 at 16:02
Put ComboFix on your desktop and redo the procedure.

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
C:\Users\marlene\AppData\Local\Temp\ehmsas.txt
C:\Windows\temp\_avast4_\Webshlock.txt

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt
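
One way to check the report that comes back from this procedure against the CFScript, as an added example that is not part of the original post and is not ComboFix code. It assumes the French report layout seen in this thread (an "Autres suppressions" section, with "impossible à supprimer" marking a failed deletion) and treats an unmarked path in that section as deleted; the function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed inputs: a CFScript in the File:: form given above, and a report
# excerpt laid out like the French ComboFix reports posted in this thread.
CFSCRIPT = r"""File::
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
C:\Users\marlene\AppData\Local\Temp\ehmsas.txt
C:\Windows\temp\_avast4_\Webshlock.txt
"""

REPORT = r"""FILE ::
c:\users\marlene\AppData\Local\Temp\ehmsas.txt
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
c:\windows\temp\_avast4_\Webshlock.txt
.

(((((((((((((((((( Autres suppressions ))))))))))))))))))
.

c:\users\marlene\AppData\Local\Temp\IadHide5.dll
c:\windows\temp\_avast4_\Webshlock.txt . . . . impossible à supprimer

.
((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 )))))))))
.
2008-12-15 13:51 . 2008-12-15 13:51 <REP> d-------- c:\program files\CCleaner
"""

# Section banners look like "((((( title )))))".
BANNER = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")
# Assumption: a failed deletion is the path, dot leaders, then this marker.
FAILED = re.compile(r"^(?P<path>.+?)(?:\s+\.)+\s+impossible à supprimer$")


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.strip().lower()


def parse_cfscript(text):
    """Return the paths listed under the File:: directive of a CFScript."""
    paths, in_file = [], False
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.endswith("::"):  # any "Name::" line starts a new directive block
            in_file = s.replace(" ", "").lower() == "file::"
            continue
        if in_file:
            paths.append(s)
    return paths


def parse_deletions(report, section="Autres suppressions"):
    """Map normalised path -> 'deleted' or 'failed' from the deletions section."""
    result, in_section = {}, False
    for line in report.splitlines():
        s = line.strip()
        banner = BANNER.match(s)
        if banner:
            in_section = banner.group(1).lower() == section.lower()
            continue
        if not in_section or s in ("", "."):
            continue
        failed = FAILED.match(s)
        if failed:
            result[norm(failed.group("path"))] = "failed"
        else:
            result[norm(s)] = "deleted"
    return result


def audit(cfscript, report):
    """For every file requested in the CFScript, say what the report shows."""
    outcomes = parse_deletions(report)
    return {p: outcomes.get(norm(p), "not reported") for p in parse_cfscript(cfscript)}


def pending(cfscript, report):
    """Requested files that the report does not show as deleted."""
    return [p for p, state in audit(cfscript, report).items() if state != "deleted"]


if __name__ == "__main__":
    for path, state in audit(CFSCRIPT, REPORT).items():
        print(f"{state:13} {path}")
```

A "not reported" result only means the deletions section does not mention the path; the file may not have existed when ComboFix ran.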

sab.dac (Member) - 15 Dec. 2008 at 16:33
I did everything you told me. During ComboFix, I still didn't have to type 1 or 2, the computer restarted once, and when the report was being created that same window opened again: "FindString(QGREP)Utility a cessé de fonctionner"... And only after that window appeared was the report created.

ComboFix 08-12-14.04 - marlene 2008-12-15 16:12:12.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1013.270 [GMT 1:00]
Lancé depuis: c:\users\marlene\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\marlene\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\users\marlene\AppData\Local\Temp\ehmsas.txt
c:\users\marlene\AppData\Local\Temp\IadHide5.dll
c:\windows\temp\_avast4_\Webshlock.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\marlene\AppData\Local\Temp\IadHide5.dll
c:\windows\temp\_avast4_\Webshlock.txt . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.

2008-12-15 15:27 . 2008-12-15 15:30 <REP> d-------- C:\!KillBox
2008-12-15 13:51 . 2008-12-15 13:51 <REP> d-------- c:\program files\CCleaner
2008-12-15 11:10 . 2008-12-15 11:10 <REP> d-------- C:\_OTMoveIt
2008-12-14 14:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-14 14:57 . 2008-12-14 14:57 <REP> d-------- c:\program files\Panda Security
2008-12-11 23:54 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 21:04 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 21:03 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 21:03 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 21:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 21:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 21:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 21:01 . 2008-10-16 03:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-11 21:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 21:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-06 18:48 . 2008-12-06 18:48 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-06 18:46 . 2008-12-06 18:48 <REP> d-------- c:\users\marlene\{76c580e5-91fb-4a05-82b9-41ed5b006121}
2008-11-29 14:47 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-29 14:47 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-29 14:47 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-29 14:47 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-29 14:47 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-18 17:02 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 17:02 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 17:02 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 17:02 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 17:01 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 17:01 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 17:01 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 17:01 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 17:01 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 15:41 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-15 15:41 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-15 15:41 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-15 15:33 . 2008-11-15 15:33 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 18:17 --------- d-----w c:\program files\CONEXANT
2008-12-12 09:57 --------- d-----w c:\program files\Windows Mail
2008-12-11 20:56 --------- d-----w c:\program files\+-DicoScrabble-+
2008-12-06 17:25 --------- d-----w c:\program files\Spyware Doctor
2008-12-06 17:25 --------- d-----w c:\program files\lx_cats
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-03 16:27 --------- d-----w c:\program files\Neuf
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 14:05 174 --sha-w c:\program files\desktop.ini
2008-09-30 13:24 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-30 13:24 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-27 13:24 2,902 ----a-w c:\users\marlene\AppData\Roaming\wklnhst.dat
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-14_18.33.07,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 17:24:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-15 15:17:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-14 17:24:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-15 15:17:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-14 17:26:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-15 15:18:38 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-15 15:18:38 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-14 17:25:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-15 15:18:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-15 15:18:40 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-14 17:26:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-15 14:56:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-14 17:26:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 14:56:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 17:26:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-15 14:56:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-14 17:28:33 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-15 15:11:22 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-10-25 18:34:16 324,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-15 14:23:32 324,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-15 09:46:21 2,456 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_24.bin
+ 2008-12-15 09:46:21 4,280 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_32.bin
+ 2008-12-15 09:46:21 9,560 ----a-w c:\windows\System32\networklist\icons\{2E3C964F-120F-4EAB-8529-80BB0FDD4204}_48.bin
+ 2008-12-15 14:53:45 2,456 ----a-w c:\windows\System32\networklist\icons\{7DAE2AAC-D93C-4053-AFE7-0CBEECB173CF}_24.bin
+ 2008-12-15 14:53:45 4,280 ----a-w c:\windows\System32\networklist\icons\{7DAE2AAC-D93C-4053-AFE7-0CBEECB173CF}_32.bin
+ 2008-12-15 14:53:45 9,560 ----a-w c:\windows\System32\networklist\icons\{7DAE2AAC-D93C-4053-AFE7-0CBEECB173CF}_48.bin
- 2008-12-14 17:27:01 10,976 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783075968-4130472836-2407510724-1000_UserData.bin
+ 2008-12-15 14:36:15 10,976 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783075968-4130472836-2407510724-1000_UserData.bin
- 2008-12-14 17:27:01 60,642 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-15 15:20:20 60,826 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-14 17:26:59 46,262 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-15 15:19:57 46,748 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-19 36864]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SDTray"="c:\program files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 1053264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-19 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 20:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-12-04 12:39 46704 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 09:32 472800 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 20:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 20:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 10:58 159744 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-12-02 16:32 167936 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-20 07:01 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:50 1021224 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2006-10-18 09:56 317152 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{1E4129A5-EC96-4023-B0A0-2DB69C56782B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3ECAB5DC-1984-4685-856C-B84C6E9545E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A6BAE491-DF9A-4214-8020-5599E9F9A572}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F770603F-1EF2-48A3-854E-9D39AFE2C38C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{25B7F735-23C5-4F69-A260-273EEC3DE094}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{20E0346B-D12F-4C47-B775-55F7B9B31FC2}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{D6573B89-E752-4355-87BB-D818F2C2FCD3}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Browser
"{B969EFF8-F975-46DA-B0F3-E456EDE9EECA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Browser
"{E4D1EABC-690D-4D30-80BC-2CFDB3A29928}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{3AC41D49-37FD-4626-AA65-BAE54532EC77}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{16E402F8-D8C3-4D0A-89C7-B47DFA9B91CC}"= UDP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{0DD37103-69A5-414B-ACFE-521DAFF1C6DA}"= TCP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{1372C7FB-CEA4-4DC9-8EC8-190DE3031FD6}"= UDP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{166F7794-2C9E-487F-8C89-3F68731C294C}"= TCP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{A71D3177-D8EA-4646-9A92-3063658E9E07}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C8AF94C9-7B28-444A-8847-338C3397D035}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{88E69979-E3E0-4EA8-8746-35FB213D7E59}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{499EBCCD-D14F-4EE1-BD62-4D7E21A2E965}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{1512AB64-A15A-4115-9FFE-0952AD00BAD3}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F86E9170-64CE-415D-A635-1840F09796DE}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-14 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-08-03 51792]
R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-08-03 708688]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\User_Feed_Synchronization-{EC20444E-8575-437F-9B82-75D3461B8EF3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 16:18:47
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\System32\lxcrcoms.exe
c:\program files\Spyware Doctor\swdsvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-15 16:28:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-15 15:28:20
ComboFix2.txt 2008-12-15 14:47:33
ComboFix3.txt 2008-12-15 14:03:23
ComboFix4.txt 2008-03-29 15:47:57

Avant-CF: 42 468 712 448 octets libres
Après-CF: 42,230,108,160 octets libres

268 --- E O F --- 2008-12-13 18:18:47

sab.dac - 15 Dec 2008 at 16:34
Yet another Mozilla crash report once I close the internet.

jlpjlp (Security contributor) - 15 Dec 2008 at 16:34
OK

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

________________

Tell me if your computer still has problems.

sab.dac - 15 Dec 2008 at 16:47
Here is the report:

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\!Killbox: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\marlene\Desktop\HijackThis.lnk: trouvé !
C:\Users\marlene\Downloads\KillBox.exe: trouvé !
C:\Users\marlene\Downloads\ComboFix.exe: trouvé !
C:\Users\marlene\Downloads\OTMoveIt3.exe: trouvé !
C:\Windows\NIRCMD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Users\marlene\Desktop\HijackThis.lnk: supprimé !
C:\Users\marlene\Downloads\KillBox.exe: supprimé !
C:\Users\marlene\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\marlene\Downloads\OTMoveIt3.exe: supprimé !
C:\Windows\NIRCMD.exe: supprimé !
C:\Combofix: ERREUR DE SUPPRESSION !!
C:\!Killbox: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !


Well, the main problem is that I get Mozilla crash reports every time I close the internet.

jlpjlp - 15 Dec 2008 at 16:49
OK, manually remove ComboFix, Navilog and HijackThis.

See you later.

sab.dac - 15 Dec 2008 at 17:10
OK, but when I go to Programs and Features to remove them, they aren't there.

How do I find them?

jlpjlp - 15 Dec 2008 at 17:12
To remove ComboFix, go to My Computer, then

C:\Combofix

The others are fine.

sab.dac - 15 Dec 2008 at 17:15
It won't delete. It tells me it is open in another program.