probleme avec un spyware

[alpina d10]

bonjour

toujours cette qui m 'empoisonne le pc il me ralentis le pc et m'envoye toujour ce message

system error:

your computer was infected by unknow trojan it's dangerous for your system et.... et si je clic sur ok il me connecte sur le site file -secure.com download et par la suite il m'envoit un dossierdu nom de setup.exe application 2.87mo de 89.149.227.195

enfin bref comment faire

[alpina d10]

bonjour

je viens de faire une annalyse avec spy seeper le resultat le fait peu

il trouve:

adware:180search assitant/zango

adware:virtumonde

spy cookie:adviva cookie

spy cookie: atlas dmt cookie

spy coockie bluestreak cookie

spy cookie : xiti cookie

trojan horse: trojan-dnschanger

trojan horse : trojan -downloader-zlob

il reste encore tout a ca apres les operations effectuèes ci dessus le truc qui m 'enbete c 'est que ce petit logiciel est payant

pouvez vous m 'aidez

le probleme perciste encore ralentis de plus en plus mon pc est le fige presque a chaque fois .sans compter le nombre allucinant ou cette pub vient sur mon ecran .il me faut au moins cliquer dix fois dessus pour qu' elle disparraisse

merci encore

[pear]

Bonjour.

 

Désolé pour le retard.

 

Ce qui importe n'est pas seulement ce qu'il trouve mais " où il le trouve".

Postez les rapports complets pour que l'on puisse en juger svp.

 

C'est ce que l'on demande après utilisation de chaque outil.

Modifié le 4 mars 2008 par pear

[alpina d10]

bonjour

aucun soucis je le fait de suite merci

[alpina d10]

bonjour voila le rapport pour vundo fix:

 

 

VundoFix V6.7.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 22:25:53 03/03/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

Beginning removal...

 

VundoFix V6.7.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 00:39:30 04/03/2008

 

Listing files found while scanning....

 

 

VundoFix V6.7.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:34:32 04/03/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

 

 

quand a l'analyse de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:36:33, on 04/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\netdde.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\clipsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\RunOnce: [spybotDeletingA5153] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC9210] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA8560] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC5152] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB564] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD8888] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB2065] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD3865] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spySweeperUninstallSurvey] http://products.webroot.com/disp0201.php?p...;omn=1&rsc=

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 20232 bytes

j'espere que cela vas vous aidez

encore merci

 

 

bonjour voila le rapport pour vundo fix:

 

 

VundoFix V6.7.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 22:25:53 03/03/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

Beginning removal...

 

VundoFix V6.7.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 00:39:30 04/03/2008

 

Listing files found while scanning....

 

 

VundoFix V6.7.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:34:32 04/03/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

 

 

quand a l'analyse de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:36:33, on 04/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\netdde.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\clipsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\RunOnce: [spybotDeletingA5153] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC9210] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA8560] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC5152] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB564] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD8888] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB2065] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD3865] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spySweeperUninstallSurvey] http://products.webroot.com/disp0201.php?p...;omn=1&rsc=

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 20232 bytes

j'espere que cela vas vous aidez

encore merci

[alpina d10]

bonjour je viens de refaire une manipulation avec cleannavi la voici:

 

Clean Navipromo version 3.4.9 commencé le 04/03/2008 à 17:54:55,59

 

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 03.03.2008 à 18h00 par IL-MAFIOSO

 

 

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.11

Système de fichiers : NTFS

 

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

 

 

 

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

 

 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

 

* Suppression dans C:\WINDOWS\System32 *

 

 

* Suppression dans "C:\Documents and Settings\uset\locals~1\applic~1" *

 

 

 

*** Suppression dossiers dans C:\WINDOWS ***

 

 

*** Suppression dossiers dans C:\Program Files ***

 

 

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\uset\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\uset\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\uset\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

 

 

 

*** Suppression fichiers ***

 

 

*** Suppression fichiers temporaires ***

 

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\uset\locals~1\Temp effectué !

 

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

 

2)Recherche, création sauvegardes et suppression Heuristique :

 

 

* Dans C:\WINDOWS\system32 *

 

 

* Dans "C:\Documents and Settings\uset\locals~1\applic~1" *

 

 

*** Sauvegarde du Registre vers dossier Backupnavi ***

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

 

*** Certificats ***

 

Certificat Egroup absent !

 

*** Nettoyage terminé le 04/03/2008 à 17:59:03,75 ***

[pear]

Bonsoir,

 

Par ajout suppression de programmes Désinstallez Logitech.

Cela n'empêchera vos matériels de fonctionner.

 

Redémarrez.

 

Votre Hijackthis est obsolète:

* Téléchargez Hijackthis de TrendMicro.

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

* Décompressez le dans un dossier à la racine du disque dur

renommer ce dossier par exemple Karcher

Sous Vista,,il faut faire clic-droit >> "Exécuter en tant qu'Administrateur" sur Hijackthis.exe sinon HJT tourne mais ne fixe rien.

* Lancer le fichier Hijackthis.exe

* Cliquer sur Do a system scan and save a log file

* Copier-coller le rapport dans un nouveau message ici

 

 

Télécharger combofix.exe de sUBs

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tutoriel:http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

 

*Double cliquer sur combofix.exe pour le lancer.

Si pour une raison quelconque, Vista par exemple, combofix ne se lançait pas, Démarrez en mode sans échec, choisissez le compte Administrateur, lancez Combofix

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

* Taper sur la touche 1 pour démarrer le scan.

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

* Lorsque le scan sera terminé, cela pourrait prendre un certain temps,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.[/color]

Modifié le 4 mars 2008 par pear

[alpina d10]

bonsoir pear

voici le premier rapport du nouveau hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:37, on 04/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\netdde.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\clipsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 7322 bytes

 

 

 

 

 

et voila le deuxieme rapport de comfix

 

 

ComboFix 08-03-04.2 - uset 2008-03-04 19:18:52.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.630 [GMT 1:00]

Endroit: C:\Documents and Settings\uset\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\uset\Application Data\inst.exe

C:\Program Files\Helper

C:\WINDOWS\system32\bdeeg.ini

C:\WINDOWS\system32\bdeeg.ini2

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_IPRIP

-------\Iprip

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-04 20:06 . 2008-03-04 20:06 256 --a------ C:\WINDOWS\_delis32.ini

2008-03-04 18:40 . 2008-03-04 18:40 <REP> d-------- C:\Program Files\Trend Micro

2008-03-04 16:17 . 2008-03-04 16:18 157 --a------ C:\WINDOWS\wininit.ini

2008-03-04 09:50 . 2008-03-04 17:59 <REP> d-------- C:\Program Files\Navilog1

2008-03-04 01:03 . 2008-03-04 18:39 <REP> d-------- C:\Lop SD

2008-03-03 22:31 . 2008-03-04 10:38 <REP> d-------- C:\Program Files\Panda Security

2008-03-03 22:25 . 2008-03-03 22:25 <REP> d-------- C:\VundoFix Backups

2008-03-03 21:24 . 2008-03-03 22:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-03 21:24 . 2008-03-03 22:19 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-03 10:19 . 2008-03-03 12:10 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

2008-03-03 09:37 . 2008-03-03 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-03 09:36 . 2008-03-03 09:36 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-03-03 02:40 . 2008-03-03 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-03 00:43 . 2008-03-03 09:51 <REP> d-------- C:\Documents and Settings\uset\Application Data\SUPERAntiSpyware.com

2008-03-02 22:34 . 2008-03-02 22:34 1,024 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg

2008-03-02 21:23 . 2008-03-02 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard

2008-03-02 21:21 . 2008-03-02 21:21 <REP> d-------- C:\Program Files\Fichiers communs\iS3

2008-03-02 21:21 . 2008-03-02 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!

2008-03-02 19:02 . 2008-03-02 20:34 <REP> d-------- C:\Program Files\Conduit

2008-03-02 18:57 . 2008-03-02 17:05 253,952 --a------ C:\WINDOWS\dkxrstqwkx.dll

2008-03-02 18:57 . 2008-03-02 18:57 220,160 --a------ C:\WINDOWS\wmpdxm.dll

2008-03-02 18:57 . 2008-03-02 17:05 200,704 --a------ C:\WINDOWS\apdqnxp.dll

2008-03-02 18:57 . 2008-03-02 17:05 81,920 --a------ C:\WINDOWS\fqspogw.exe

2008-03-02 18:57 . 2008-03-02 18:57 47 --a------ C:\amp.bat

2008-03-02 18:56 . 2008-03-02 18:57 300,400 --a------ C:\KL.0XE

2008-03-02 18:56 . 2008-03-02 18:57 58,368 --a------ C:\MHYVFA.0XE

2008-03-02 18:56 . 2008-03-02 18:57 52,236 --a------ C:\XOIPVS.0XE

2008-03-02 18:56 . 2008-03-02 18:56 6,144 --a------ C:\mmesckoj.exe

2008-03-02 18:56 . 2008-03-02 18:56 3,584 --a------ C:\XLTH.0XE

2008-03-02 18:14 . 2008-03-02 18:26 632 --a------ C:\WINDOWS\CoD.INI

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-04 19:06 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2008-03-04 18:25 --------- d-----w C:\Program Files\Lx_cats

2008-03-04 18:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-03-04 17:38 --------- d-----w C:\Program Files\Logitech

2008-03-04 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-03 11:10 --------- d-----w C:\Program Files\Hijackthis Version Française

2008-03-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-03 08:37 --------- d-----w C:\Program Files\Ubisoft

2008-03-02 22:08 --------- d-----w C:\Program Files\eMule

2008-03-02 17:14 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition

2008-03-02 17:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-02 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-28 20:34 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-02-28 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-28 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 08:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-01-22 09:07 --------- d-----w C:\Program Files\Lavalys

2008-01-16 09:35 --------- d-----w C:\Program Files\Lexmark 5400 Series

2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-08-20 19:44 47,360 ----a-w C:\Documents and Settings\uset\Application Data\pcouffin.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61FEBF12-793B-4D8A-8513-D1814FE2A395}]

2008-03-02 18:57 220160 --a------ C:\WINDOWS\wmpdxm.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe" []

"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760]

"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048]

"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Monitor.lnk

backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk

backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-04-12 14:23 88358 C:\WINDOWS\agrsmmsg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a------ 2003-10-30 15:46 192512 C:\Program Files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

--a------ 2005-04-28 19:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect]

--a------ 2005-04-12 16:33 110592 C:\WINDOWS\system32\cselect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 11:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a------ 2005-01-14 00:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

--a------ 2005-09-19 08:30 106571 C:\Program Files\F-Secure\Common\FSM32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

--a------ 2004-12-24 09:07 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

--a------ 2004-06-03 09:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

C:\Program Files\Logitech\Video\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

C:\Program Files\Logitech\Video\InstallHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--a------ 2005-04-12 14:24 184320 C:\Program Files\ltmoh\Ltmoh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]

c:\program files\mailskinner\mailskinner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapi third]

C:\DOCUME~1\uset\APPLIC~1\GRAMPL~1\heart soap.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meowplatformflawsize]

C:\Documents and Settings\All Users\Application Data\internet slow meow platform\DASHWMA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

--a------ 2004-11-17 09:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

--a------ 2005-05-17 08:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

--a------ 2005-02-26 06:59 65536 C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2006-07-30 17:08 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

--a------ 2005-04-20 14:56 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

--a------ 2005-04-11 15:08 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

--a------ 2005-03-08 14:27 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

--a------ 2004-11-30 12:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

--a------ 2005-01-21 09:28 266240 C:\WINDOWS\system32\TPSMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

--a------ 2005-04-05 15:25 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]

C:\PROGRA~1\Wanadoo\Shell.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]

C:\PROGRA~1\Wanadoo\GestMaj.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

C:\PROGRA~1\Wanadoo\Watch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]

--a------ 2004-07-14 15:07 24576 C:\WINDOWS\system32\ZoomingHook.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\WINDOWS\\system32\\mcoinstall.exe"=

"C:\\WINDOWS\\system32\\lxctcoms.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3587:TCP"= 3587:TCP:Groupement homologue Windows

"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 14:05]

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-03-09 08:14]

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-19 18:11]

R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 16:52]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 08:23]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 11:32]

R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2005-09-19 08:30]

S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []

S3 gtermddo;gtermddo;C:\DOCUME~1\uset\LOCALS~1\Temp\gtermddo.sys []

S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eaee8fe-b2f5-11dc-960b-000fb09d0ed8}]

\Shell\AutoRun\command - G:\AutoTransfer.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-03-03 23:03:00 C:\WINDOWS\Tasks\{3B8240F8-D494-46CD-B756-71204DDF8855}_YOUR-B9C60BC90B_uset.job"

- C:\WINDOWS\system32\mobsync.exeI /Schedule=

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-04 19:25:08

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qwetab]

"ImagePath"="\??\C:\WINDOWS\inf\qwetab.inf"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\netdde.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\WINDOWS\system32\msdtc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\clipsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-04 19:27:41 - machine was rebooted [uset]

ComboFix-quarantined-files.txt 2008-03-04 18:27:36

.

2008-02-13 16:39:59 --- E O F ---

 

 

 

 

j 'espere que tout sa pourras faire l'affaire cette fois ci

[pear]

Bonsoir,

 

Combo, Nettoyage

# Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Lancez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

File::

C:\WINDOWS\_delis32.ini

C:\WINDOWS\dkxrstqwkx.dll

C:\WINDOWS\apdqnxp.dll

C:\WINDOWS\fqspogw.exe

C:\amp.bat

C:\KL.0XE

C:\MHYVFA.0XE

C:\XOIPVS.0XE

C:\mmesckoj.exe

C:\XLTH.0XE

 

drivers::

C:\WINDOWS\system32\drivers\lvuvc.hs

 

Folder::

c:\program files\mailskinner\mailskinner.exe

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]

 

 

 

* Attention, ce code a été rédigé spécialement pour cet utilisateur, prière de ne pas le réutiliser dans d'autres cas !

 

Enregistrez-le en lui donnant le nom CFScript.txt

 

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

 

*

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[alpina d10]

bonsoir voici donc le contenu

 

ComboFix 08-03-04.2 - uset 2008-03-04 20:59:06.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.621 [GMT 1:00]

Endroit: C:\Documents and Settings\uset\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\uset\Bureau\cfscript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\amp.bat

C:\KL.0XE

C:\MHYVFA.0XE

C:\mmesckoj.exe

C:\WINDOWS\_delis32.ini

C:\WINDOWS\apdqnxp.dll

C:\WINDOWS\dkxrstqwkx.dll

C:\WINDOWS\fqspogw.exe

C:\XLTH.0XE

C:\XOIPVS.0XE

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\amp.bat

C:\KL.0XE

C:\MHYVFA.0XE

C:\mmesckoj.exe

C:\WINDOWS\_delis32.ini

C:\WINDOWS\apdqnxp.dll

C:\WINDOWS\dkxrstqwkx.dll

C:\WINDOWS\fqspogw.exe

C:\XLTH.0XE

C:\XOIPVS.0XE

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-04 18:40 . 2008-03-04 18:40 <REP> d-------- C:\Program Files\Trend Micro

2008-03-04 16:17 . 2008-03-04 16:18 157 --a------ C:\WINDOWS\wininit.ini

2008-03-04 09:50 . 2008-03-04 17:59 <REP> d-------- C:\Program Files\Navilog1

2008-03-04 01:03 . 2008-03-04 18:39 <REP> d-------- C:\Lop SD

2008-03-03 22:31 . 2008-03-04 10:38 <REP> d-------- C:\Program Files\Panda Security

2008-03-03 22:25 . 2008-03-03 22:25 <REP> d-------- C:\VundoFix Backups

2008-03-03 21:24 . 2008-03-03 22:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-03 21:24 . 2008-03-03 22:19 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-03 10:19 . 2008-03-03 12:10 <REP> d-------- C:\Program Files\Hijackthis Version Française

2008-03-03 09:37 . 2008-03-03 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-03 09:36 . 2008-03-03 09:36 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-03-03 02:40 . 2008-03-03 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-03 00:43 . 2008-03-03 09:51 <REP> d-------- C:\Documents and Settings\uset\Application Data\SUPERAntiSpyware.com

2008-03-02 22:34 . 2008-03-02 22:34 1,024 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg

2008-03-02 21:23 . 2008-03-02 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard

2008-03-02 21:21 . 2008-03-02 21:21 <REP> d-------- C:\Program Files\Fichiers communs\iS3

2008-03-02 21:21 . 2008-03-02 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!

2008-03-02 19:02 . 2008-03-02 20:34 <REP> d-------- C:\Program Files\Conduit

2008-03-02 18:57 . 2008-03-02 18:57 220,160 --a------ C:\WINDOWS\wmpdxm.dll

2008-03-02 18:14 . 2008-03-02 18:26 632 --a------ C:\WINDOWS\CoD.INI

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-04 19:06 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2008-03-04 18:25 --------- d-----w C:\Program Files\Lx_cats

2008-03-04 18:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-03-04 17:38 --------- d-----w C:\Program Files\Logitech

2008-03-04 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-03 08:37 --------- d-----w C:\Program Files\Ubisoft

2008-03-02 22:08 --------- d-----w C:\Program Files\eMule

2008-03-02 17:14 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition

2008-03-02 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-28 20:34 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-02-28 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-28 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 08:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-01-22 09:07 --------- d-----w C:\Program Files\Lavalys

2008-01-16 09:35 --------- d-----w C:\Program Files\Lexmark 5400 Series

2007-08-20 19:44 47,360 ----a-w C:\Documents and Settings\uset\Application Data\pcouffin.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61FEBF12-793B-4D8A-8513-D1814FE2A395}]

2008-03-02 18:57 220160 --a------ C:\WINDOWS\wmpdxm.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe" []

"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760]

"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048]

"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Monitor.lnk

backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk

backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-04-12 14:23 88358 C:\WINDOWS\agrsmmsg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a------ 2003-10-30 15:46 192512 C:\Program Files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

--a------ 2005-04-28 19:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect]

--a------ 2005-04-12 16:33 110592 C:\WINDOWS\system32\cselect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 11:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a------ 2005-01-14 00:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

--a------ 2005-09-19 08:30 106571 C:\Program Files\F-Secure\Common\FSM32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

--a------ 2004-12-24 09:07 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

--a------ 2004-06-03 09:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

C:\Program Files\Logitech\Video\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

C:\Program Files\Logitech\Video\InstallHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--a------ 2005-04-12 14:24 184320 C:\Program Files\ltmoh\Ltmoh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapi third]

C:\DOCUME~1\uset\APPLIC~1\GRAMPL~1\heart soap.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meowplatformflawsize]

C:\Documents and Settings\All Users\Application Data\internet slow meow platform\DASHWMA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

--a------ 2004-11-17 09:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

--a------ 2005-05-17 08:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

--a------ 2005-02-26 06:59 65536 C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2006-07-30 17:08 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

--a------ 2005-04-20 14:56 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

--a------ 2005-04-11 15:08 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

--a------ 2005-03-08 14:27 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

--a------ 2004-11-30 12:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

--a------ 2005-01-21 09:28 266240 C:\WINDOWS\system32\TPSMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

--a------ 2005-04-05 15:25 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]

C:\PROGRA~1\Wanadoo\Shell.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]

C:\PROGRA~1\Wanadoo\GestMaj.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

C:\PROGRA~1\Wanadoo\Watch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]

--a------ 2004-07-14 15:07 24576 C:\WINDOWS\system32\ZoomingHook.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\WINDOWS\\system32\\mcoinstall.exe"=

"C:\\WINDOWS\\system32\\lxctcoms.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3587:TCP"= 3587:TCP:Groupement homologue Windows

"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 14:05]

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-03-09 08:14]

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-19 18:11]

R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 16:52]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 08:23]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 11:32]

R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2005-09-19 08:30]

S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []

S3 gtermddo;gtermddo;C:\DOCUME~1\uset\LOCALS~1\Temp\gtermddo.sys []

S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00]

S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eaee8fe-b2f5-11dc-960b-000fb09d0ed8}]

\Shell\AutoRun\command - G:\AutoTransfer.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-03-03 23:03:00 C:\WINDOWS\Tasks\{3B8240F8-D494-46CD-B756-71204DDF8855}_YOUR-B9C60BC90B_uset.job"

- C:\WINDOWS\system32\mobsync.exeI /Schedule=

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-04 21:00:30

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qwetab]

"ImagePath"="\??\C:\WINDOWS\inf\qwetab.inf"

.

Temps d'accomplissement: 2008-03-04 21:01:16

ComboFix-quarantined-files.txt 2008-03-04 20:01:00

ComboFix2.txt 2008-03-04 18:27:42

.

2008-02-13 16:39:59 --- E O F ---

 

 

la c'est vraiment