
Recommended posts

Posted

Good evening all

I've had several trojans lately.

I was able to clean the PC thanks to the various pieces of information gathered on your site.

Could someone analyse the attached report for me, to be sure I really deleted everything?

Also, I'm about to download Antivir instead of Avast 4 (it seems safer).

Thanks in advance

1 report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:09:18, on 16.05.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Motive\McciCMService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

C:\Program Files\QuickHelp2\QuickHelp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\Lucien\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {88ebbe0b-5ff8-4b84-b043-71a216374a5b} - C:\WINDOWS\system32\wvUMfFUL.dll (file missing)

O2 - BHO: (no name) - {8a977512-c63d-4a53-898f-bc87a7001bae} - C:\WINDOWS\system32\qoMeDVli.dll (file missing)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickHelp2_McciTrayApp] C:\Program Files\QuickHelp2\QuickHelp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [10cf613a] rundll32.exe "C:\WINDOWS\system32\glhmaoeh.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [searching] Rechercher à partir de la barre d'adresses

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207254230187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207254514390

O18 - Protocol: bw+0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {C4B469D2-FA07-4C06-A280-BAD54775D47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll

O20 - Winlogon Notify: wvUMfFUL - wvUMfFUL.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

 

--

End of file - 19712 bytes

Posted

Hello,

You have several infections!

Download SmitfraudFix

Unzip the whole smitfraudfix.zip archive

Usage ----- option 1 - Search:

Double-click smitfraudfix.cmd

Select 1 to create a report of the files responsible for the infection.

Post the report on the forum.

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility meant to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Usage -----> option 2 - Cleaning:

(tap F8 at boot to get the startup menu).

Double-click smitfraudfix.cmd

Select 2 to delete the files responsible for the infection.

At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?) answer O (oui, yes) to unlock the wallpaper and delete the infection's autostart keys.

The fix will determine whether the wininet.dll file is infected. At the question "Corriger le fichier infecté ?" (Fix the infected file?) answer O (oui, yes) to replace the corrupted file.

Restart in normal mode and post the report on the forum.

N.B.: This step removes the infected files detected in step #1

Beware that option 2 of the tool deletes the wallpaper!

Download SDFix (created by AndyManchesta)

and save it to the Desktop.

* Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

Restart in Safe Mode

* Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.

* Press Y to start the cleaning process.

* It will delete the services and registry entries of some trojans it finds, then ask you to press a key to restart.

If SDFix does not start:

Start -> Run

Copy/paste this:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

click OK and confirm.

Restart and try launching SDFix again.

* The restart will be slower than usual because the tool will keep running and deleting files.

* After the Desktop loads, the tool will finish its work and display Finished.

* Press a key to end the script and load the Desktop icons.

* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

* Post the report here.

You are going to download ComboFix.

Beforehand, and to avoid any mishandling of this very powerful program, read this carefully:

Tutorial:

Download combofix.exe by sUBs

and save it to the desktop

Close or disable all antivirus and antispyware programs, as well as any running firewall, because they could interfere with ComboFix's operation.

This is absolutely necessary for the procedure to succeed.

Obviously, you will re-enable them afterwards.

* Double-click combofix.exe to launch it.

Do not close the window that has just opened; the desktop would be empty and this could crash the program!

1) Some infections (rootkit in the MBR) can only be treated using the Recovery Console,

We will first install the Recovery Console on the PC.

This will make it possible to repair the system in case the PC no longer restarts after disinfection.

If this is already done, skip to point 2).

* After clicking the link matching your version of Windows, you will be taken to a page:

click the Download button to get the installation package onto the Desktop:

Do not change the file name

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professional SP2

* Drag and drop this file onto the ComboFix.exe file as in the screenshot >

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

* Follow the on-screen instructions to launch ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.

* When it is finished, a message saying the Console has been installed will appear, then a report named CF_RC.txt will be displayed:

post its contents.

If for whatever reason, Vista for instance, ComboFix does not start,

Boot in Safe Mode, choose the Administrator account, launch ComboFix

2)

* Press the 1 key to start the scan.

While ComboFix is running, do not touch your computer at all; you could crash the program.

* When the scan is finished (this may take a while), a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt
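The helper's reply says "several infections" without pointing at the lines that give it away. As an added illustration, not part of this thread and not one of the helpers' tools, here is a small Python triage script that walks a HijackThis log and flags the kinds of entries that stand out in the report above: `(file missing)` BHO and Winlogon Notify entries, Run values with hex-looking names that load a DLL from system32 through rundll32, autostarts of rogue "security" products, and Winlogon Notify packages outside a known-good list. The sample log is a constructed excerpt of the report posted earlier; the rogue-name list and the known-good Winlogon Notify list are assumptions made for this example, and the heuristics are a starting point for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: ten lines copied from the HijackThis log posted earlier in
# this thread, reduced to the entries needed to exercise each heuristic below.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {88ebbe0b-5ff8-4b84-b043-71a216374a5b} - C:\WINDOWS\system32\wvUMfFUL.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [10cf613a] rundll32.exe "C:\WINDOWS\system32\glhmaoeh.dll",b
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O20 - Winlogon Notify: wvUMfFUL - wvUMfFUL.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Assumption for this example: the two rogue "security product" autostarts seen in
# the log above. A real triage would consult a maintained rogue list instead.
ROGUE_NAMES = {"winifixer", "malwarrior"}

# Assumption for this example: Winlogon Notify packages that ship with Windows XP,
# plus the ATI driver's AtiExtEvent. Legitimate vendor packages not listed here
# would be flagged for review as well, which is the intended bias.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "atiextevent"}

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_VALUE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# rundll32 loading a DLL straight out of system32 with a very short export name
RUNDLL_SYS32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[^"\\]+\.dll"?,\s*\w{1,2}\b', re.IGNORECASE)
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason string if the entry deserves a second look, else None."""
    # Registry pointers to DLLs that no longer exist: leftovers of a partial
    # cleanup. Harmless by themselves, but they show what was there before.
    if section in {"O2", "O20"} and "(file missing)" in body:
        return "orphaned entry, file missing (remnant of a removed infection)"
    if section == "O4":
        m = RUN_VALUE.search(body)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if name.lower() in ROGUE_NAMES or any(r in cmd.lower() for r in ROGUE_NAMES):
                return "known rogue security product autostart"
            if HEX_NAME.match(name) and RUNDLL_SYS32.search(cmd):
                return "hex-named Run value loading a system32 DLL via rundll32"
    if section == "O20":
        # body looks like "Winlogon Notify: <name> - <path>"
        name = body.split(":", 1)[1].strip().split(" - ", 1)[0]
        if name.lower() not in KNOWN_NOTIFY:
            return "Winlogon Notify package not in the known-good list"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect entries worth reviewing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        reason = classify(m.group("section"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("section"), raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample above the script flags six of the ten lines: the two `wvUMfFUL` remnants, the `10cf613a` rundll32 loader, the `WinIFixer` and `MalWarrior` autostarts, and the `WinNt32` Winlogon Notify package; the Java BHO, the HP updater, the proxy override and the ATI service pass through. Anything flagged is a candidate for the kind of review the helper asks for, not an automatic deletion.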

Posted

Hello

Thanks for all this precise help

I haven't run the Combofix.exe treatment yet

The computer already seems to be working better.

Regards

:P

Here are 3 reports:

1 report before cleaning

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Netopia 3300 Series USB Network Adapter - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9e88f516-67b2-471e-8351-cd5e3a1c5a5f}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{9e88f516-67b2-471e-8351-cd5e3a1c5a5f}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{9e88f516-67b2-471e-8351-cd5e3a1c5a5f}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

1 SmitfraudFix report

 

SmitFraudFix v2.320

 

Rapport fait à 12:52:19.25, 2008-05-18

Executé à partir de C:\Documents and Settings\Lucien\Bureau\nettoyage pc\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9e88f516-67b2-471e-8351-cd5e3a1c5a5f}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{9e88f516-67b2-471e-8351-cd5e3a1c5a5f}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{9e88f516-67b2-471e-8351-cd5e3a1c5a5f}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

1 SDFix report

 

 

SDFix: Version 1.183

Run by Lucien on 2008-05-18 at 12:57

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Lucien\Bureau\NETTOY~1\SDFix

 

Checking Services :

 

Name :

tcpsr

OVD86

 

Path :

\??\C:\WINDOWS\System32\drivers\tcpsr.sys

System32\Drivers\Ovd86.sys

 

tcpsr - Deleted

OVD86 - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

Service OVD86 - Deleted

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\WinData.cab - Deleted

C:\WINDOWS\system32\drivers\OVD86.sys - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 13:01:49

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000002

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000007

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000023

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000004

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000004

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000004

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties]

"DeviceType"=dword:00000007

"DeviceCharacteristics"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories]

@=""

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"LoadAppInit_DLLs"=dword:00000001

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

OVD86

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Lemoncast\\lemoncast.exe"="C:\\Program Files\\Lemoncast\\lemoncast.exe:*:Enabled:OneClick"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

Remaining Files :

File Backups: - C:\DOCUME~1\Lucien\Bureau\NETTOY~1\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sat 5 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b94495512074d69b9e8ab1679d608d4\BIT11C.tmp"

Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT76.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c94fdf84dc55e9a818c8222bafc1812\BITFF.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dfe90ab9679753ce8e3ab64aba594fe\BIT111.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b6d906fd5974a905eb1cc67c000b099\BIT106.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9aa5f686d8c0b8f1fad16b524f06c565\BIT11E.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b955ba47e5d89f57a5ea6a34838f80ab\BIT123.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\BIT108.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d2543d14ced0177a8154816e15636514\BIT118.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da9428daf73da125c596ed070747be59\BIT103.tmp"

Tue 22 Apr 2008 21,504 ...H. --- "C:\Documents and Settings\Lucien\Mes documents\ferrari\Sylvie\~WRL0001.tmp"

Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1e10da77e5e1c72d2afe101dc568fb06\download\BIT1B6.tmp"

 

Finished!

Posted

Good evening again

 

I ran the treatment with ComboFix. It takes a long time...... but here is the report, followed by the HijackThis report done this evening.

Regards.

 

Thank you for your help.

 

What else do I still need to delete?

 

Regards.

 

:P :P

 

ComboFix 08-05-15.3 - Lucien 2008-05-18 16:35:47.6 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.616 [GMT 2:00]

Endroit: C:\Documents and Settings\Lucien\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Lucien\Application Data\Microsoft\Internet Explorer\Quick Launch\WinIFixer.lnk

C:\Documents and Settings\Lucien\Application Data\WinIFixer.com

C:\WINDOWS\system32\_003517_.tmp.dll

C:\WINDOWS\system32\elmqmufn.ini

C:\WINDOWS\system32\heoamhlg.ini

C:\WINDOWS\system32\ilVDeMoq.ini

C:\WINDOWS\system32\ilVDeMoq.ini2

C:\WINDOWS\system32\jhhqocwo.ini

C:\WINDOWS\system32\LkTAJRqr.ini

C:\WINDOWS\system32\LkTAJRqr.ini2

C:\WINDOWS\system32\natqsbtj.ini

C:\WINDOWS\system32\pVybayxx.ini

C:\WINDOWS\system32\pVybayxx.ini2

C:\WINDOWS\system32\rqRJATkL.dll

C:\WINDOWS\system32\xxyabyVp.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-18 16:20 . 2008-05-18 16:20 <REP> d-------- C:\Program Files\Trend Micro

2008-05-17 02:33 . 2008-05-17 02:33 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd

2008-05-17 02:33 . 2008-05-17 02:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-05-16 00:49 . 2008-05-16 00:49 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-16 00:19 . 2008-05-16 00:19 <REP> d-------- C:\Program Files\Avira

2008-05-15 23:33 . 2008-05-15 23:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-05-15 23:31 . 2008-05-18 12:52 3,292 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-15 00:42 . 2008-05-15 00:42 <REP> d-------- C:\WINDOWS\ERUNT

2008-05-14 20:33 . 2008-05-14 20:33 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix

2008-05-14 20:09 . 2008-05-15 23:33 8,192 --a------ C:\Documents and Settings\Parents

2008-05-14 20:03 . 2008-05-14 20:03 <REP> d-------- C:\Program Files\ToniArts

2008-05-14 07:35 . 2008-05-14 07:35 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-14 07:35 . 2008-05-14 07:35 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-14 03:10 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-05-14 03:08 . 2008-04-14 04:33 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-05-14 03:08 . 2008-04-14 04:33 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-05-14 03:06 . 2008-04-14 04:33 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-05-14 03:06 . 2008-04-14 04:34 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-05-14 03:06 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-05-14 03:05 . 2008-04-14 04:33 293,376 --------- C:\WINDOWS\system32\qagentrt.dll

2008-05-14 03:05 . 2008-04-14 04:33 151,040 --------- C:\WINDOWS\system32\qagent.dll

2008-05-14 03:05 . 2008-04-14 04:33 76,800 --------- C:\WINDOWS\system32\qutil.dll

2008-05-14 03:05 . 2008-04-14 04:33 62,464 --------- C:\WINDOWS\system32\qcliprov.dll

2008-05-14 03:05 . 2008-04-14 04:33 61,952 --------- C:\WINDOWS\system32\rasqec.dll

2008-05-14 03:04 . 2008-04-14 04:33 144,896 --------- C:\WINDOWS\system32\onex.dll

2008-05-14 03:03 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll

2008-05-14 03:03 . 2008-04-14 04:33 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-14 03:03 . 2008-04-14 04:33 200,704 --------- C:\WINDOWS\system32\napmontr.dll

2008-05-14 03:03 . 2008-04-14 04:34 177,664 --------- C:\WINDOWS\system32\napstat.exe

2008-05-14 03:03 . 2008-04-14 04:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll

2008-05-14 03:03 . 2008-04-14 04:04 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-14 03:03 . 2008-04-14 04:33 30,208 --------- C:\WINDOWS\system32\napipsec.dll

2008-05-14 03:02 . 2008-04-14 04:33 155,136 --------- C:\WINDOWS\system32\mssha.dll

2008-05-14 03:02 . 2008-04-14 04:03 81,920 --------- C:\WINDOWS\system32\msshavmsg.dll

2008-05-14 02:59 . 2008-04-14 04:33 397,312 --------- C:\WINDOWS\system32\mmcex.dll

2008-05-14 02:59 . 2008-04-14 04:33 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-05-14 02:59 . 2008-04-14 04:33 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll

2008-05-14 02:59 . 2008-04-14 04:34 33,792 --------- C:\WINDOWS\system32\mmcperf.exe

2008-05-14 02:57 . 2008-04-14 04:33 61,440 --------- C:\WINDOWS\system32\kmsvc.dll

2008-05-14 02:57 . 2008-04-14 04:33 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-05-14 02:56 . 2008-04-14 04:10 2,524 --------- C:\WINDOWS\system32\pid.inf

2008-05-14 02:55 . 2008-04-14 04:33 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll

2008-05-14 02:55 . 2008-04-14 04:33 180,736 --------- C:\WINDOWS\system32\eapphost.dll

2008-05-14 02:55 . 2008-04-14 04:33 126,976 --------- C:\WINDOWS\system32\eappcfg.dll

2008-05-14 02:55 . 2008-04-14 04:33 94,720 --------- C:\WINDOWS\system32\eappgnui.dll

2008-05-14 02:55 . 2008-04-14 04:33 59,392 --------- C:\WINDOWS\system32\eapqec.dll

2008-05-14 02:55 . 2008-04-14 04:33 40,960 --------- C:\WINDOWS\system32\eappprxy.dll

2008-05-14 02:55 . 2008-04-14 04:33 33,792 --------- C:\WINDOWS\system32\eapsvc.dll

2008-05-14 02:55 . 2008-04-14 04:33 30,720 --------- C:\WINDOWS\system32\eapolqec.dll

2008-05-14 02:53 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll

2008-05-14 01:53 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-14 01:11 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig

2008-05-14 01:11 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat

2008-05-14 00:44 . 2008-04-14 04:33 354,304 --a------ C:\WINDOWS\system32\winhttp.dll

2008-05-14 00:44 . 2008-04-14 04:33 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2008-05-14 00:27 . 2008-05-16 00:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-14 00:15 . 2008-05-18 13:27 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-05-13 23:58 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2008-05-13 23:50 . 2008-05-19 19:49 65,536 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin

2008-05-13 23:49 . 2005-05-19 19:11 3,720,196 --a------ C:\WINDOWS\system32\drivers\CnxE2Fw.bin

2008-05-13 23:49 . 2005-05-19 19:11 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys

2008-05-13 23:49 . 2005-05-19 19:11 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys

2008-05-13 22:04 . 2008-05-14 23:44 1,072,185,344 --a------ C:\WINDOWS\MEMORY.DMP

2008-05-12 12:45 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-05-12 12:44 . 2008-05-12 12:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-05-12 12:42 . 2008-04-14 04:33 2,061,824 --a------ C:\WINDOWS\system32\mstscax.dll

2008-05-12 12:41 . 2008-04-13 20:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys

2008-05-12 12:40 . 2008-04-13 20:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys

2008-05-12 12:40 . 2008-04-13 20:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2008-05-12 12:40 . 2008-04-13 20:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys

2008-05-12 12:40 . 2008-04-13 20:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys

2008-05-12 12:40 . 2008-04-13 20:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-05-12 12:39 . 2008-04-14 04:34 92,160 --a------ C:\WINDOWS\system32\kswdmcap.ax

2008-05-12 12:39 . 2008-04-14 04:34 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax

2008-05-12 12:39 . 2008-04-14 04:33 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2008-05-12 12:39 . 2008-04-14 04:34 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax

2008-05-12 12:37 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys

2008-05-12 12:37 . 2008-04-14 03:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-05-12 12:34 . 2008-04-14 04:34 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-05-12 12:34 . 2008-04-14 04:33 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-05-12 12:26 . 2008-04-14 04:34 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys

2008-05-11 23:18 . 2008-05-14 00:30 160,256 --a------ C:\WINDOWS\system32\blackster.scr

2008-05-11 23:16 . 2008-05-11 23:16 1 --a------ C:\WINDOWS\system32\kr_done1de

2008-05-06 18:43 . 2008-05-06 18:43 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\Nokia

2008-05-03 20:34 . 2008-05-03 21:34 50 --a------ C:\WINDOWS\yesmessenger.ini

2008-05-02 19:59 . 2008-05-02 19:59 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-05-01 20:12 . 2008-05-01 20:12 <REP> d-------- C:\Documents and Settings\Lucien\dvbern-tax

2008-05-01 19:27 . 2008-05-01 20:02 <REP> d-------- C:\Documents and Settings\Lucien\VaudTax2007

2008-05-01 19:24 . 2008-05-01 19:24 <REP> d--h----- C:\Program Files\Zero G Registry

2008-05-01 19:24 . 2008-05-01 19:24 <REP> d-------- C:\Program Files\VaudTax2007

2008-05-01 19:22 . 2008-05-01 19:22 <REP> d--h----- C:\Documents and Settings\Lucien\InstallAnywhere

2008-05-01 14:04 . 2008-05-01 14:04 <REP> d-------- C:\Program Files\Midway Games

2008-05-01 12:41 . 2008-05-01 12:46 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\Odyssee_Sib

2008-05-01 12:39 . 2006-10-20 13:27 528,384 -ra------ C:\WINDOWS\lanceur1.exe

2008-05-01 00:50 . 2008-05-01 00:51 249,856 --------- C:\WINDOWS\Setup1.exe

2008-05-01 00:50 . 2008-05-01 00:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-29 21:33 . 2008-04-29 21:33 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\Nokia Multimedia Player

2008-04-28 21:40 . 2008-04-30 00:24 <REP> d--hs---- C:\Documents and Settings\Lucien\Phone Browser

2008-04-28 21:39 . 2008-04-28 21:39 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\PC Suite

2008-04-28 16:06 . 2008-04-28 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\PC Connectivity Solution

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Nokia

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\DIFX

2008-04-28 16:05 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-04-28 16:05 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-04-28 16:05 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-04-28 16:05 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-04-28 16:05 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-04-28 16:05 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-04-28 16:04 . 2008-04-28 16:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-04-24 19:47 . 2008-05-14 21:10 <REP> d-------- C:\Program Files\Windows Live Toolbar

2008-04-24 19:46 . 2008-04-24 19:46 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-24 19:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-04-22 21:49 . 2008-05-06 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2008-04-20 18:28 . 2008-04-20 18:28 <REP> d-------- C:\WINDOWS\Sun

2008-04-20 18:25 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-20 18:24 . 2008-04-20 18:25 <REP> d-------- C:\Program Files\Java

2008-04-20 18:24 . 2008-04-20 18:24 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-04-20 11:53 . 2008-04-27 09:51 <REP> d-------- C:\WINDOWS\system32\Adobe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 00:33 --------- d-----w C:\Program Files\Logitech

2008-05-17 00:33 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-05-14 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-13 21:50 --------- d-----w C:\Program Files\Netopia

2008-05-06 16:47 --------- d-----w C:\Program Files\Windows Live

2008-04-24 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-14 20:52 --------- d-----w C:\Program Files\Fichiers communs\Motive

2008-04-14 20:49 --------- d-----w C:\Documents and Settings\Lucien\Application Data\Talkback

2008-04-14 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive

2008-04-14 20:45 --------- d-----w C:\Program Files\QuickHelp2

2008-04-14 20:45 --------- d-----w C:\Documents and Settings\Lucien\Application Data\Motive

2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys

2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys

2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys

2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys

2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys

2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys

2008-04-13 18:46 15,232 ----a-w C:\WINDOWS\system32\drivers\streamip.sys

2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys

2008-04-13 18:46 11,136 ----a-w C:\WINDOWS\system32\drivers\slip.sys

2008-04-13 18:46 10,880 ----a-w C:\WINDOWS\system32\drivers\ndisip.sys

2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 18:43 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]

C:\WINDOWS\system32\wvUMfFUL.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a977512-c63d-4a53-898f-bc87a7001bae}]

C:\WINDOWS\system32\qoMeDVli.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-17 02:35 36864]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickHelp2_McciTrayApp"="C:\Program Files\QuickHelp2\QuickHelp.exe" [2007-11-02 17:40 1474048]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 C:\WINDOWS\stsystra.exe]

"10cf613a"="C:\WINDOWS\system32\glhmaoeh.dll" [ ]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]

"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"= C:\WINDOWS\system32\wvUMfFUL.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMfFUL]

wvUMfFUL.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovd86.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

 

R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-09-10 10:19]

S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-07-10 18:37]

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-07-10 18:37]

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 19:49:22

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2008-05-19 19:52:15 - machine was rebooted [Lucien]

ComboFix-quarantined-files.txt 2008-05-19 17:52:12

 

Pre-Run: 167,931,944,960 bytes free

Post-Run: 167,841,517,568 bytes free

 

346 --- E O F --- 2008-05-15 22:49:09

 

 

HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:05:23, on 19.05.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Motive\McciCMService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\QuickHelp2\QuickHelp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {88ebbe0b-5ff8-4b84-b043-71a216374a5b} - C:\WINDOWS\system32\wvUMfFUL.dll (file missing)

O2 - BHO: (no name) - {8a977512-c63d-4a53-898f-bc87a7001bae} - C:\WINDOWS\system32\qoMeDVli.dll (file missing)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickHelp2_McciTrayApp] C:\Program Files\QuickHelp2\QuickHelp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [10cf613a] rundll32.exe "C:\WINDOWS\system32\glhmaoeh.dll",b

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [searching] Rechercher à partir de la barre d'adresses

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207254230187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207254514390

O18 - Protocol: bw+0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {47FD53B1-DF3B-41CD-A5C6-A55219D5BBB0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: wvUMfFUL - wvUMfFUL.dll (file missing)

O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

 

--

End of file - 20157 bytes

Posted

Hello,

 

ComboFix: cleanup

# Disconnect from the Internet and disable the antivirus (only for the duration of the procedure!)

Open ComboFix

# In Notepad, copy and paste these lines:

 

KillAll::

 

File::

C:\WINDOWS\system32\wvUMfFUL.dll

C:\WINDOWS\system32\qoMeDVli.dll

C:\WINDOWS\system32\glhmaoeh.dll

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe

 

Folder::

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008

 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovd86.sys]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMfFUL]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a977512-c63d-4a53-898f-bc87a7001bae}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MalWarrior"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"10cf613a"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"=-

* Warning: this script was written specifically for this user; please do not reuse it in other cases!

 

Save it under the name CFScript.txt

 

* Drag and drop this CFScript file onto ComboFix.exe

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif


 


* When the message appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will appear: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
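The CFScript above was written by hand from the HijackThis log earlier in the thread. As an added example (not code from the thread, the helper, HijackThis or ComboFix), the Python script below automates both halves of that work: it triages the O2/O4/O20 lines of a HijackThis log with the checks a reviewer applies by eye (a BHO with no name or a missing DLL, a Winlogon Notify package outside the set Windows ships, a Run value named like eight hex digits, rundll32 loading a DLL through a one-letter export, an autostart launched from a data directory rather than Program Files, and the same DLL wired into more than one persistence point), then drafts the File:: and Registry:: sections of a CFScript from what it found. Assumptions: the KNOWN_NOTIFY allowlist, the C:\WINDOWS\system32 location for Notify DLLs that HijackThis prints without a directory, and the constructed SAMPLE, whose lines are copied from the log posted above. It covers only what HijackThis exposes: the SafeBoot driver key, the ShellExecuteHooks value and the MalWarrior folder in the helper's script came from ComboFix's own report and still have to be added by hand. Needs Python 3.8 or later.

```python
"""Triage a HijackThis v2 log and draft the matching ComboFix CFScript entries.
Heuristics only: a finding means "review this", never "this is malware"."""
import re
from collections import defaultdict

# Winlogon Notify packages that ship with Windows XP (assumed allowlist; extend it for your baseline).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
RUN_KEYS = {"HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
SYSTEM32 = r"C:\WINDOWS\system32"   # assumed: HijackThis prints Notify DLLs without a directory

BHO_RE = re.compile(r"^O2 - BHO: (?P<title>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<entry>\S+)', re.I)
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)', re.I)
DATA_DIR_RE = re.compile(r"\\(Application Data|ProgramData|Temp)\\", re.I)

def _clean(path):
    """Drop HijackThis's ' (file missing)' suffix and return the bare path."""
    return path.split(" (")[0]

def _stem(path):
    return _clean(path).split("\\")[-1].rsplit(".", 1)[0].lower()

def triage(log_text):
    """Return findings: dicts carrying the HJT section, the reasons, the raw line and parsed fields."""
    findings, refs = [], defaultdict(set)          # refs: dll stem -> HJT sections that load it
    for line in (ln.strip() for ln in log_text.splitlines()):
        reasons, fields = [], {}
        missing = "(file missing)" in line
        if m := BHO_RE.match(line):
            section, fields = "O2", {"clsid": m["clsid"], "file": _clean(m["path"])}
            refs[_stem(m["path"])].add("O2")
            if missing or m["title"] == "(no name)":
                reasons.append("BHO with no name or with its DLL missing")
        elif m := NOTIFY_RE.match(line):
            dll = _clean(m["dll"])
            section, fields = "O20", {"name": m["name"], "file": dll if "\\" in dll else SYSTEM32 + "\\" + dll}
            refs[_stem(dll)].add("O20")
            if missing or m["name"] not in KNOWN_NOTIFY:
                reasons.append("Winlogon Notify package that is not part of Windows")
        elif m := RUN_RE.match(line):
            section, fields = "O4", {"hive": m["hive"], "name": m["name"]}
            if r := RUNDLL_RE.search(m["cmd"]):
                fields["file"] = r["dll"]
                refs[_stem(r["dll"])].add("O4")
                if len(r["entry"]) == 1:          # rundll32 foo.dll,b : export named by one letter
                    reasons.append("rundll32 loading a DLL through a one-letter export")
            elif e := EXE_RE.match(m["cmd"]):
                fields["file"] = e["q"] or e["u"]
            if re.fullmatch(r"[0-9a-f]{8}", m["name"]):
                reasons.append("Run value named like eight hex digits")
            if DATA_DIR_RE.search(m["cmd"]):
                reasons.append("autostart launched from a data directory, not Program Files")
        else:
            continue
        if reasons:
            findings.append({"section": section, "reasons": reasons, "line": line, **fields})
    # One DLL wired into several persistence points is a far stronger signal than any single line.
    for stem, sections in refs.items():
        if len(sections) > 1:
            findings.append({"section": "XREF", "line": stem,
                             "reasons": [f"{stem}.dll is referenced by {sorted(sections)}"]})
    return findings

def draft_cfscript(findings):
    """Draft ComboFix File:: and Registry:: lines from the findings. Review every line before use."""
    files, regs, run_del = [], [], defaultdict(list)
    for f in findings:
        if f.get("file") and f["file"] not in files:
            files.append(f["file"])
        if f["section"] == "O2":
            regs.append(r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{%s}]" % f["clsid"])
        elif f["section"] == "O20":
            regs.append(r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\%s]" % f["name"])
        elif f["section"] == "O4" and f["hive"] in RUN_KEYS:
            run_del[RUN_KEYS[f["hive"]]].append('"%s"=-' % f["name"])
    for key, values in run_del.items():
        regs.append("[%s]" % key)
        regs.extend(values)
    return "KillAll::\n\nFile::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(regs) + "\n"

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88ebbe0b-5ff8-4b84-b043-71a216374a5b} - C:\WINDOWS\system32\wvUMfFUL.dll (file missing)
O2 - BHO: (no name) - {8a977512-c63d-4a53-898f-bc87a7001bae} - C:\WINDOWS\system32\qoMeDVli.dll (file missing)
O4 - HKLM\..\Run: [10cf613a] rundll32.exe "C:\WINDOWS\system32\glhmaoeh.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O20 - Winlogon Notify: wvUMfFUL - wvUMfFUL.dll (file missing)
"""

if __name__ == "__main__":
    found = triage(SAMPLE)
    print("\n".join(f"{f['section']:4} {'; '.join(f['reasons'])}" for f in found))
    print(draft_cfscript(found))
```

Run it as-is to print the findings and the drafted script, or call triage() on the text of a full log. Treat every drafted line as a proposal to check against the rest of the report: a "(file missing)" entry is usually the leftover registry half of an earlier partial clean, and the XREF finding (here wvUMfFUL loaded from both a BHO and a Winlogon Notify key) is the kind of correlation that separates an infection from a stale but harmless entry.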

Posted

Good evening,

 

Here is the scan report.... If I haven't made a mistake

 

Thanks and regards.

 

The machine no longer seems to have a problem. Before this, a message indicating a missing DLL appeared when XP loaded.

 

 

Thanks and good evening

 

 

 

ComboFix 08-05-19.4 - Lucien 2008-05-20 18:32:36.7 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.708 [GMT 2:00]

Running from: C:\Documents and Settings\Lucien\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Lucien\Bureau\CFScript.txt

* Created a new restore point

 

FILE ::

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe

C:\WINDOWS\system32\glhmaoeh.dll

C:\WINDOWS\system32\qoMeDVli.dll

C:\WINDOWS\system32\wvUMfFUL.dll

.

 

((((((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-20 18:23 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-05-20 18:23 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-05-20 18:23 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-05-20 18:23 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-05-20 18:23 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-05-20 18:23 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-05-20 18:23 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-05-20 18:23 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-05-20 18:22 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-05-19 21:44 . 2008-05-19 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

2008-05-18 16:20 . 2008-05-18 16:20 <REP> d-------- C:\Program Files\Trend Micro

2008-05-17 02:33 . 2008-05-19 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd

2008-05-17 02:33 . 2008-05-17 02:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-05-16 00:49 . 2008-05-16 00:49 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-16 00:19 . 2008-05-16 00:19 <REP> d-------- C:\Program Files\Avira

2008-05-15 23:33 . 2008-05-15 23:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-05-15 23:31 . 2008-05-18 12:52 3,292 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-15 00:42 . 2008-05-15 00:42 <REP> d-------- C:\WINDOWS\ERUNT

2008-05-14 20:33 . 2008-05-14 20:33 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix

2008-05-14 20:09 . 2008-05-15 23:33 8,192 --a------ C:\Documents and Settings\Parents

2008-05-14 20:03 . 2008-05-14 20:03 <REP> d-------- C:\Program Files\ToniArts

2008-05-14 07:35 . 2008-05-14 07:35 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-14 07:35 . 2008-05-14 07:35 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-14 03:10 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-05-14 03:08 . 2008-04-14 04:33 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-05-14 03:08 . 2008-04-14 04:33 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-05-14 03:06 . 2008-04-14 04:33 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-05-14 03:06 . 2008-04-14 04:34 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-05-14 03:06 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-05-14 03:05 . 2008-04-14 04:33 293,376 --------- C:\WINDOWS\system32\qagentrt.dll

2008-05-14 03:05 . 2008-04-14 04:33 151,040 --------- C:\WINDOWS\system32\qagent.dll

2008-05-14 03:05 . 2008-04-14 04:33 76,800 --------- C:\WINDOWS\system32\qutil.dll

2008-05-14 03:05 . 2008-04-14 04:33 62,464 --------- C:\WINDOWS\system32\qcliprov.dll

2008-05-14 03:05 . 2008-04-14 04:33 61,952 --------- C:\WINDOWS\system32\rasqec.dll

2008-05-14 03:04 . 2008-04-14 04:33 144,896 --------- C:\WINDOWS\system32\onex.dll

2008-05-14 03:03 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll

2008-05-14 03:03 . 2008-04-14 04:33 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-14 03:03 . 2008-04-14 04:33 200,704 --------- C:\WINDOWS\system32\napmontr.dll

2008-05-14 03:03 . 2008-04-14 04:34 177,664 --------- C:\WINDOWS\system32\napstat.exe

2008-05-14 03:03 . 2008-04-14 04:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll

2008-05-14 03:03 . 2008-04-14 04:04 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-14 03:03 . 2008-04-14 04:33 30,208 --------- C:\WINDOWS\system32\napipsec.dll

2008-05-14 03:02 . 2008-04-14 04:33 155,136 --------- C:\WINDOWS\system32\mssha.dll

2008-05-14 03:02 . 2008-04-14 04:03 81,920 --------- C:\WINDOWS\system32\msshavmsg.dll

2008-05-14 02:59 . 2008-04-14 04:33 397,312 --------- C:\WINDOWS\system32\mmcex.dll

2008-05-14 02:59 . 2008-04-14 04:33 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-05-14 02:59 . 2008-04-14 04:33 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll

2008-05-14 02:59 . 2008-04-14 04:34 33,792 --------- C:\WINDOWS\system32\mmcperf.exe

2008-05-14 02:57 . 2008-04-14 04:33 61,440 --------- C:\WINDOWS\system32\kmsvc.dll

2008-05-14 02:57 . 2008-04-14 04:33 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-05-14 02:57 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-05-14 02:56 . 2008-04-14 04:10 2,524 --------- C:\WINDOWS\system32\pid.inf

2008-05-14 02:55 . 2008-04-14 04:33 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll

2008-05-14 02:55 . 2008-04-14 04:33 180,736 --------- C:\WINDOWS\system32\eapphost.dll

2008-05-14 02:55 . 2008-04-14 04:33 126,976 --------- C:\WINDOWS\system32\eappcfg.dll

2008-05-14 02:55 . 2008-04-14 04:33 94,720 --------- C:\WINDOWS\system32\eappgnui.dll

2008-05-14 02:55 . 2008-04-14 04:33 59,392 --------- C:\WINDOWS\system32\eapqec.dll

2008-05-14 02:55 . 2008-04-14 04:33 40,960 --------- C:\WINDOWS\system32\eappprxy.dll

2008-05-14 02:55 . 2008-04-14 04:33 33,792 --------- C:\WINDOWS\system32\eapsvc.dll

2008-05-14 02:55 . 2008-04-14 04:33 30,720 --------- C:\WINDOWS\system32\eapolqec.dll

2008-05-14 02:53 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll

2008-05-14 01:53 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-14 01:11 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig

2008-05-14 01:11 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat

2008-05-14 00:44 . 2008-04-14 04:33 354,304 --a------ C:\WINDOWS\system32\winhttp.dll

2008-05-14 00:44 . 2008-04-14 04:33 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2008-05-14 00:27 . 2008-05-16 00:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-14 00:15 . 2008-05-20 18:32 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-05-13 23:58 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2008-05-13 23:50 . 2008-05-20 18:27 65,536 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin

2008-05-13 23:49 . 2005-05-19 19:11 3,720,196 --a------ C:\WINDOWS\system32\drivers\CnxE2Fw.bin

2008-05-13 23:49 . 2005-05-19 19:11 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys

2008-05-13 23:49 . 2005-05-19 19:11 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys

2008-05-12 12:45 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-05-12 12:44 . 2008-05-12 12:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-05-12 12:42 . 2008-04-14 04:33 2,061,824 --a------ C:\WINDOWS\system32\mstscax.dll

2008-05-12 12:41 . 2008-04-13 20:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys

2008-05-12 12:40 . 2008-04-13 20:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys

2008-05-12 12:40 . 2008-04-13 20:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2008-05-12 12:40 . 2008-04-13 20:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys

2008-05-12 12:40 . 2008-04-13 20:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys

2008-05-12 12:40 . 2008-04-13 20:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-05-12 12:39 . 2008-04-14 04:34 92,160 --a------ C:\WINDOWS\system32\kswdmcap.ax

2008-05-12 12:39 . 2008-04-14 04:34 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax

2008-05-12 12:39 . 2008-04-14 04:34 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax

2008-05-12 12:39 . 2008-04-14 04:33 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2008-05-12 12:39 . 2008-04-14 04:33 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2008-05-12 12:39 . 2008-04-14 04:34 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax

2008-05-12 12:39 . 2008-04-14 04:34 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax

2008-05-12 12:37 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-05-12 12:37 . 2008-04-13 20:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-05-12 12:37 . 2008-04-14 03:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-05-12 12:34 . 2008-04-14 04:34 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-05-12 12:34 . 2008-04-14 04:33 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-05-12 12:26 . 2008-04-14 04:34 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys

2008-05-12 12:24 . 2008-05-19 21:45 1,036,876 --a------ C:\WINDOWS\setupapi.log.0.old

2008-05-11 23:18 . 2008-05-14 00:30 160,256 --a------ C:\WINDOWS\system32\blackster.scr

2008-05-11 23:16 . 2008-05-11 23:16 1 --a------ C:\WINDOWS\system32\kr_done1de

2008-05-06 18:43 . 2008-05-06 18:43 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\Nokia

2008-05-03 20:34 . 2008-05-03 21:34 50 --a------ C:\WINDOWS\yesmessenger.ini

2008-05-02 19:59 . 2008-05-02 19:59 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-05-01 20:12 . 2008-05-01 20:12 <REP> d-------- C:\Documents and Settings\Lucien\dvbern-tax

2008-05-01 19:27 . 2008-05-20 07:03 <REP> d-------- C:\Documents and Settings\Lucien\VaudTax2007

2008-05-01 19:24 . 2008-05-01 19:24 <REP> d--h----- C:\Program Files\Zero G Registry

2008-05-01 19:24 . 2008-05-20 07:05 <REP> d-------- C:\Program Files\VaudTax2007

2008-05-01 19:22 . 2008-05-01 19:22 <REP> d--h----- C:\Documents and Settings\Lucien\InstallAnywhere

2008-05-01 14:04 . 2008-05-01 14:04 <REP> d-------- C:\Program Files\Midway Games

2008-05-01 12:41 . 2008-05-01 12:46 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\Odyssee_Sib

2008-05-01 12:39 . 2006-10-20 13:27 528,384 -ra------ C:\WINDOWS\lanceur1.exe

2008-05-01 00:50 . 2008-05-01 00:51 249,856 --------- C:\WINDOWS\Setup1.exe

2008-05-01 00:50 . 2008-05-01 00:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-29 21:33 . 2008-04-29 21:33 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\Nokia Multimedia Player

2008-04-28 21:40 . 2008-04-30 00:24 <REP> d--hs---- C:\Documents and Settings\Lucien\Phone Browser

2008-04-28 21:39 . 2008-04-28 21:39 <REP> d-------- C:\Documents and Settings\Lucien\Application Data\PC Suite

2008-04-28 16:06 . 2008-04-28 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\PC Connectivity Solution

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Nokia

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia

2008-04-28 16:05 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\DIFX

2008-04-28 16:05 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-04-28 16:05 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 19:44 --------- d-----w C:\Program Files\Logitech

2008-05-19 19:44 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-05-14 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-13 21:50 --------- d-----w C:\Program Files\Netopia

2008-05-06 16:47 --------- d-----w C:\Program Files\Windows Live

2008-04-24 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-14 20:52 --------- d-----w C:\Program Files\Fichiers communs\Motive

2008-04-14 20:49 --------- d-----w C:\Documents and Settings\Lucien\Application Data\Talkback

2008-04-14 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive

2008-04-14 20:45 --------- d-----w C:\Program Files\QuickHelp2

2008-04-14 20:45 --------- d-----w C:\Documents and Settings\Lucien\Application Data\Motive

2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys

2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys

2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys

2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys

2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys

2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys

2008-04-13 18:46 15,232 ----a-w C:\WINDOWS\system32\drivers\streamip.sys

2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys

2008-04-13 18:46 11,136 ----a-w C:\WINDOWS\system32\drivers\slip.sys

2008-04-13 18:46 10,880 ----a-w C:\WINDOWS\system32\drivers\ndisip.sys

2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 18:43 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-17 02:35 36864]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickHelp2_McciTrayApp"="C:\Program Files\QuickHelp2\QuickHelp.exe" [2007-11-02 17:40 1474048]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 C:\WINDOWS\stsystra.exe]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

 

R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-09-10 10:19]

S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-07-10 18:37]

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-07-10 18:37]

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-20 18:35:36

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Logishrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Fichiers communs\Logishrd\LVCOMSER\LVComSer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-20 18:38:09 - machine was rebooted [Lucien]

ComboFix-quarantined-files.txt 2008-05-20 16:38:06

ComboFix2.txt 2008-05-19 17:52:16

 

Pre-Run: 168,431,673,344 octets libres

Post-Run: 168,490,844,160 octets libres

 

325 --- E O F --- 2008-05-20 16:24:25

Posted

Good evening,

 

Print these instructions, because you will have to close all windows and applications during the installation and the scan.

Download Malwarebytes' Anti-Malware (MBAM)

Save it to the desktop.

Close all windows and programs.

Double-click the Download_mbam-setup.exe icon on the desktop to start the installation.

Follow the prompts (in particular the language choice and the authorization to access the Internet).

Do not change any of the default settings and, at the end of the installation,

check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

MBAM will start automatically and display a message asking to update the program before running a scan.

Click OK to close the dialog box.

The main MBAM window appears:

In the Scan tab, check that "Perform full scan" ("Exécuter une analyse approfondie") is ticked and click the Scan ("Rechercher") button to start the scan.

The scan will take some time, so be patient!

A message will appear indicating that it has finished.

Click OK to continue.

If malware has been detected, a list of it is displayed.

When you click Remove ("Suppression") (?), MBAM will delete the files and registry keys and put a copy in quarantine.

MBAM will open Notepad and copy the scan report into it; the report can also be found under the Reports/logs tab.

Close Notepad.

Close MBAM by clicking Exit.

Post the report and a new HijackThis log, please.
