[solved] Infections on the horizon!


Hello, yes, my computer has become slow, shuts down on the screen saver (or whenever it feels like it), etc. It no longer wants to restore (restore which I have, incidentally, disabled in order to run ComboFix). I am sending you the ComboFix and HijackThis reports, hoping for help :P ... :P A very, very big thank you; I am waiting impatiently for your reply...

 

ComboFix 08-06-20.4 - guillaine 2008-06-29 14:15:07.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.232 [GMT -4:00]
Endroit: C:\Documents and Settings\guillaine.HOME-6620B39EBF\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BM335ac9bc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
.
2008-06-29 09:38 . 2008-06-29 10:04 134,290,536 --a------ C:\Program Files\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe
2008-06-26 12:51 . 2008-06-26 16:09 51,755 --a------ C:\lucmp3.nr3
2008-06-22 10:38 . 2008-06-22 10:38 36,544 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-22 10:25 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-22 10:25 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-20 07:19 . 2008-06-22 10:25 <REP> d-------- C:\Program Files\Picasa2
2008-06-20 07:17 . 2008-06-20 07:18 4,909,136 --a------ C:\Program Files\picasa2Setup.exe
2008-06-15 16:41 . 2008-06-15 16:42 <REP> d-------- C:\Documents and Settings\enfants\Application Data\OpenOffice.org2
2008-06-13 07:09 . 2008-06-13 07:09 <REP> d-------- C:\WINDOWS\system32\bits
2008-06-13 07:05 . 2007-03-29 08:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-13 07:05 . 2007-03-29 08:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-10 23:54 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:54 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 07:32 . 2008-06-04 07:32 1,534,464 --a------ C:\Program Files\siw.exe
2008-06-03 19:03 . 2008-06-03 19:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2008-06-01 14:17 . 2008-06-01 14:17 1,491,365 --a------ C:\Program Files\wlm.exe
2008-06-01 13:45 . 2008-06-01 13:45 <REP> d-------- C:\Documents and Settings\enfants\Application Data\GlarySoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 14:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\OpenOffice.org2
2008-06-29 14:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files
2008-06-29 13:34 --------- d-----w C:\Program Files\Windows Defender
2008-06-29 12:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-29 12:10 --------- d-----w C:\Program Files\Java
2008-06-27 04:04 --------- d-----r C:\Program Files\EClea2_0
2008-06-27 03:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\LimeWire
2008-06-27 03:59 --------- d-----w C:\Documents and Settings\enfants\Application Data\LimeWire
2008-06-26 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 10:56 --------- d-----w C:\Program Files\MesPolices10
2008-06-15 21:51 --------- d-----w C:\Documents and Settings\enfants\Application Data\Arcsoft
2008-06-15 06:51 --------- d-----w C:\Program Files\Circle Developement
2008-06-15 06:51 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\programidle
2008-06-15 06:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Frag great bend logo
2008-06-14 23:40 2,402,832 ----a-w C:\Program Files\WLinstaller.exe
2008-06-14 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-06-04 14:06 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ESTsoft
2008-06-03 23:04 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
2008-06-03 23:03 --------- d-----w C:\Program Files\Logitech
2008-06-03 23:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
2008-06-01 00:18 --------- d-----w C:\Program Files\LimeWire
2008-05-28 11:09 --------- d-----w C:\Program Files\Lavasoft
2008-05-28 11:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-28 11:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-27 14:47 --------- d-----w C:\Program Files\ESTsoft
2008-05-27 14:41 19,153,264 ----a-w C:\Program Files\Lavasoft_Adaware_multi.exe
2008-05-24 01:22 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Apple Computer
2008-05-22 13:32 2,869,264 ----a-w C:\Program Files\dotNetFx35setup.exe
2008-05-21 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-21 12:12 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Malwarebytes
2008-05-21 12:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-19 16:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\DisplayTune
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Logitech
2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Grisoft
2008-05-14 22:44 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ArcSoft
2008-05-13 13:24 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Logitech
2008-05-12 20:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-12 20:16 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-12 20:16 --------- d-----r C:\Program Files\Creative
2008-05-12 19:34 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\GlarySoft
2008-05-09 21:09 --------- d-----w C:\Program Files\ANI
2008-05-09 21:08 --------- d-----w C:\Program Files\D-Link
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 11:15 --------- d-----r C:\Program Files\Panasonic
2008-05-05 11:07 --------- d-----r C:\Program Files\Alwil Software
2008-05-05 04:47 --------- d-----w C:\Documents and Settings\Marie\Application Data\Bell
2008-05-03 00:38 --------- d-----w C:\Documents and Settings\enfants\Application Data\Bell
2008-04-29 19:54 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 13:20 27,100,264 -c--a-w C:\Program Files\PowerPointViewer.exe
2008-04-28 15:53 --------- d-----w C:\Program Files\Incomplete
2008-04-28 15:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Calendrier Xtra
2008-04-28 15:53 --------- d-----w C:\Documents and Settings\enfants\Application Data\Chessmaster Challenge
2008-04-28 13:43 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-04-28 13:43 --------- d-----w C:\Program Files\MSECache
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 20:30 1,338,384 -c--a-w C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-04-20 19:51 2,517 -c--a-w C:\Program Files\INSTALL.LOG
2008-04-08 06:52 119,479,710 -c--a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_fr.exe
2008-04-08 06:27 1,664,591 -c--a-w C:\Program Files\pf-setup.exe
2008-04-05 16:33 9,309,624 -c--a-w C:\Program Files\Shockwave_Installer_Full.exe
2008-04-04 14:15 46,391,264 -c--a-w C:\Program Files\8-3_xp32_dd_ccc_wdm_enu_59746.exe
2008-04-03 23:50 57,144,896 -c--a-w C:\Program Files\setpoint440.exe
2008-04-02 17:45 2,751,368 -c--a-w C:\Program Files\ccsetup206.exe
2008-03-23 01:01 9,722,720 -c--a-w C:\Program Files\spybotsd152.exe
2008-03-21 14:38 8,161,400 -c--a-w C:\Program Files\Windows-KB890830-V1.39.exe
2008-03-09 14:21 407,680 -c--a-w C:\Program Files\aswclnr.exe
2008-02-25 15:15 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
2008-02-25 15:11 881,192 -c--a-w C:\Program Files\WGAPluginInstall.exe
2008-02-24 01:22 1,491,592 -c--a-w C:\Program Files\install_flash_player.exe
2008-02-17 17:42 1,729 -c--a-w C:\Program Files\Adobe Reader 8.lnk
2008-02-12 16:50 95 -csh--w C:\Program Files\desktop.ini
2008-02-12 16:50 15,086 -csh--w C:\Program Files\ShedkoFolderico3_0627.ico
2007-12-09 00:04 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe
2002-06-04 09:06 65,536 -c--a-w C:\WINDOWS\inf\copyinf.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3934F86C-2D84-4EAF-9065-65322C1AFE25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58FF5B3A-2CF6-4B72-919A-AE590AA7890D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f23bc38f-8d17-4211-9e42-0412ed74a192}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\guillaine.HOME-6620B39EBF\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxww]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomliii]
qomliii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2008-05-28 11:05 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a--c--- 2007-11-13 15:24 72192 C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a--c--- 2001-09-04 04:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2004-02-24 22:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
--a--c--- 2007-11-19 10:33 1468928 C:\Program Files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
--a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-05 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-05-11 08:43 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a--c--- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"SPTISRV"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"McciCMService"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"DTSRVC"=2 (0x2)
"CTDevice_Srv"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)
"ACDaemon"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"D-Link Wireless G WDA-1320"=C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 15:00]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 05:50]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51]
S4 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-11-14 13:04]
S4 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-11-01 11:59]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 14:16:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Temps d'accomplissement: 2008-06-29 14:19:36
ComboFix-quarantined-files.txt 2008-06-29 18:18:33

Pre-Run: 62,989,586,432 octets libres
Post-Run: 62,975,143,936 octets libres

272 --- E O F --- 2008-06-26 11:25:56

hijackthis

 

Scan saved at 06:18:58, on 2008-06-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3934F86C-2D84-4EAF-9065-65322C1AFE25} - (no file)

O2 - BHO: (no name) - {58FF5B3A-2CF6-4B72-919A-AE590AA7890D} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {291a47de-2140-24e9-1124-71d8f83cb32f} - {f23bc38f-8d17-4211-9e42-0412ed74a192} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O8 - Extra context menu item: Choisir comme avatar pour &Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab

O18 - Protocol: bw+0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {58F83A18-CE50-4990-9251-CD9748361BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: ddcbxww - C:\WINDOWS\

O20 - Winlogon Notify: qomliii - qomliii.dll (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 17645 bytes

Thanks again, guillou

Edited by guillou

Hi!

Why ComboFix? As a reminder, this tool is dangerous when used without precise knowledge of how it works... And the ComboFix user manual is accessible only to trained helpers in the Espaces Privés de Sécurité.

Guillou, your log is unreadable (everything is on a single line!): could you please fetch the ComboFix report here:

- Combofix.txt (it is stored here: > C:\ComboFix.txt)

Then copy its contents into your reply.

Hello to you... and above all don't "scold" me :P, it was an IT friend I no longer see who gave me this powerful cleaner..... I'm sending you my log properly, and thank you for your patience :P ... and I'll be careful to call on your knowledge next time before taking big steps like that one... :P


guillou, thank you


Well... I just tried again to send it to you properly in normal text format (combofix.txt) but I can't find it... it comes out the same way here; in my own document, though, it is in nice well-defined columns (it is in OpenOffice). What do I do?? :P

Sorry.....

guillou


Guillou, download Notepad++ here, install it and open the ComboFix report in it:

http://downloads.sourceforge.net/notepad-p...mp;big_mirror=0

It should wrap to a new line from time to time. If it doesn't, go to the "format" menu, "convert to Windows format" if it isn't greyed out, and save.

 

ComboFix 08-06-20.4 - guillaine 2008-06-29 14:15:07.3 - NTFSx86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.232 [GMT -4:00]

Endroit: C:\Documents and Settings\guillaine.HOME-6620B39EBF\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\BM335ac9bc.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\acbeg.ini

C:\WINDOWS\system32\acbeg.ini2

C:\WINDOWS\system32\nqtss.ini

C:\WINDOWS\system32\nqtss.ini2

C:\WINDOWS\system32\stvwa.ini

C:\WINDOWS\system32\stvwa.ini2

C:\WINDOWS\system32\ttutv.ini

C:\WINDOWS\system32\ttutv.ini2

C:\WINDOWS\system32\vycdd.ini

C:\WINDOWS\system32\vycdd.ini2

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-29 09:38 . 2008-06-29 10:04 134,290,536 --a------ C:\Program Files\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe

2008-06-26 12:51 . 2008-06-26 16:09 51,755 --a------ C:\lucmp3.nr3

2008-06-22 10:38 . 2008-06-22 10:38 36,544 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-06-22 10:25 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-06-22 10:25 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-06-20 07:19 . 2008-06-22 10:25 <REP> d-------- C:\Program Files\Picasa2

2008-06-20 07:17 . 2008-06-20 07:18 4,909,136 --a------ C:\Program Files\picasa2Setup.exe

2008-06-15 16:41 . 2008-06-15 16:42 <REP> d-------- C:\Documents and Settings\enfants\Application Data\OpenOffice.org2

2008-06-13 07:09 . 2008-06-13 07:09 <REP> d-------- C:\WINDOWS\system32\bits

2008-06-13 07:05 . 2007-03-29 08:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll

2008-06-13 07:05 . 2007-03-29 08:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-06-10 23:54 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 23:54 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-04 07:32 . 2008-06-04 07:32 1,534,464 --a------ C:\Program Files\siw.exe

2008-06-03 19:03 . 2008-06-03 19:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech

2008-06-01 14:17 . 2008-06-01 14:17 1,491,365 --a------ C:\Program Files\wlm.exe

2008-06-01 13:45 . 2008-06-01 13:45 <REP> d-------- C:\Documents and Settings\enfants\Application Data\GlarySoft

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-29 14:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\OpenOffice.org2

2008-06-29 14:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files

2008-06-29 13:34 --------- d-----w C:\Program Files\Windows Defender

2008-06-29 12:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-06-29 12:10 --------- d-----w C:\Program Files\Java

2008-06-27 04:04 --------- d-----r C:\Program Files\EClea2_0

2008-06-27 03:59 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\LimeWire

2008-06-27 03:59 --------- d-----w C:\Documents and Settings\enfants\Application Data\LimeWire

2008-06-26 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-24 10:56 --------- d-----w C:\Program Files\MesPolices10

2008-06-15 21:51 --------- d-----w C:\Documents and Settings\enfants\Application Data\Arcsoft

2008-06-15 06:51 --------- d-----w C:\Program Files\Circle Developement

2008-06-15 06:51 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\programidle

2008-06-15 06:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Frag great bend logo

2008-06-14 23:40 2,402,832 ----a-w C:\Program Files\WLinstaller.exe

2008-06-14 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

2008-06-04 14:06 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ESTsoft

2008-06-03 23:04 --------- d-----w C:\Program Files\Fichiers communs\Logishrd

2008-06-03 23:03 --------- d-----w C:\Program Files\Logitech

2008-06-03 23:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd

2008-06-01 00:18 --------- d-----w C:\Program Files\LimeWire

2008-05-28 11:09 --------- d-----w C:\Program Files\Lavasoft

2008-05-28 11:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-05-28 11:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-27 14:47 --------- d-----w C:\Program Files\ESTsoft

2008-05-27 14:41 19,153,264 ----a-w C:\Program Files\Lavasoft_Adaware_multi.exe

2008-05-24 01:22 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Apple Computer

2008-05-22 13:32 2,869,264 ----a-w C:\Program Files\dotNetFx35setup.exe

2008-05-21 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-05-21 12:12 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Malwarebytes

2008-05-21 12:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-05-19 16:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\DisplayTune

2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Logitech

2008-05-15 23:35 --------- d-----w C:\Documents and Settings\enfants\Application Data\Grisoft

2008-05-14 22:44 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\ArcSoft

2008-05-13 13:24 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Logitech

2008-05-12 20:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-05-12 20:16 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-05-12 20:16 --------- d-----r C:\Program Files\Creative

2008-05-12 19:34 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\GlarySoft

2008-05-09 21:09 --------- d-----w C:\Program Files\ANI

2008-05-09 21:08 --------- d-----w C:\Program Files\D-Link

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-05 11:15 --------- d-----r C:\Program Files\Panasonic

2008-05-05 11:07 --------- d-----r C:\Program Files\Alwil Software

2008-05-05 04:47 --------- d-----w C:\Documents and Settings\Marie\Application Data\Bell

2008-05-03 00:38 --------- d-----w C:\Documents and Settings\enfants\Application Data\Bell

2008-04-29 19:54 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-29 13:20 27,100,264 -c--a-w C:\Program Files\PowerPointViewer.exe

2008-04-28 15:53 --------- d-----w C:\Program Files\Incomplete

2008-04-28 15:53 --------- d-----w C:\Documents and Settings\guillaine.HOME-6620B39EBF\Application Data\Calendrier Xtra

2008-04-28 15:53 --------- d-----w C:\Documents and Settings\enfants\Application Data\Chessmaster Challenge

2008-04-28 13:43 --------- d-----w C:\Program Files\Windows Installer Clean Up

2008-04-28 13:43 --------- d-----w C:\Program Files\MSECache

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-20 20:30 1,338,384 -c--a-w C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe

2008-04-20 19:51 2,517 -c--a-w C:\Program Files\INSTALL.LOG

2008-04-08 06:52 119,479,710 -c--a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_fr.exe

2008-04-08 06:27 1,664,591 -c--a-w C:\Program Files\pf-setup.exe

2008-04-05 16:33 9,309,624 -c--a-w C:\Program Files\Shockwave_Installer_Full.exe

2008-04-04 14:15 46,391,264 -c--a-w C:\Program Files\8-3_xp32_dd_ccc_wdm_enu_59746.exe

2008-04-03 23:50 57,144,896 -c--a-w C:\Program Files\setpoint440.exe

2008-04-02 17:45 2,751,368 -c--a-w C:\Program Files\ccsetup206.exe

2008-03-23 01:01 9,722,720 -c--a-w C:\Program Files\spybotsd152.exe

2008-03-21 14:38 8,161,400 -c--a-w C:\Program Files\Windows-KB890830-V1.39.exe

2008-03-09 14:21 407,680 -c--a-w C:\Program Files\aswclnr.exe

2008-02-25 15:15 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe

2008-02-25 15:11 881,192 -c--a-w C:\Program Files\WGAPluginInstall.exe

2008-02-24 01:22 1,491,592 -c--a-w C:\Program Files\install_flash_player.exe

2008-02-17 17:42 1,729 -c--a-w C:\Program Files\Adobe Reader 8.lnk

2008-02-12 16:50 95 -csh--w C:\Program Files\desktop.ini

2008-02-12 16:50 15,086 -csh--w C:\Program Files\ShedkoFolderico3_0627.ico

2007-12-09 00:04 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe

2002-06-04 09:06 65,536 -c--a-w C:\WINDOWS\inf\copyinf.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3934F86C-2D84-4EAF-9065-65322C1AFE25}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58FF5B3A-2CF6-4B72-919A-AE590AA7890D}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f23bc38f-8d17-4211-9e42-0412ed74a192}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

C:\Documents and Settings\guillaine.HOME-6620B39EBF\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxww]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomliii]

qomliii.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]

backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

--a------ 2008-05-28 11:05 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

--a--c--- 2007-11-13 15:24 72192 C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

--a--c--- 2001-09-04 04:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a--c--- 2004-02-24 22:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]

--a--c--- 2007-11-19 10:33 1468928 C:\Program Files\BellCanada\McciTrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-05 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]

--a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a--c--- 2004-08-05 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a--c--- 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2008-05-11 08:43 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

--a--c--- 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a--c--- 2004-08-05 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

--a--c--- 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"WinDefend"=2 (0x2)

"usnjsvc"=3 (0x3)

"SPTISRV"=3 (0x3)

"SoundMAX Agent Service (default)"=2 (0x2)

"PACSPTISVR"=3 (0x3)

"MSCSPTISRV"=3 (0x3)

"McciCMService"=2 (0x2)

"LVSrvLauncher"=2 (0x2)

"LVPrcSrv"=2 (0x2)

"LVCOMSer"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"DTSRVC"=2 (0x2)

"CTDevice_Srv"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"aswUpdSv"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"ANIWZCSdService"=2 (0x2)

"ACDaemon"=2 (0x2)

"aawservice"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"D-Link Wireless G WDA-1320"=C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 15:00]

S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 05:50]

S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys []

S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51]

S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51]

S4 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-11-14 13:04]

S4 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-11-01 11:59]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-29 14:16:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

.

Temps d'accomplissement: 2008-06-29 14:19:36

ComboFix-quarantined-files.txt 2008-06-29 18:18:33

 

Pre-Run: 62,989,586,432 octets libres

Post-Run: 62,975,143,936 octets libres

 

272 --- E O F --- 2008-06-26 11:25:56



Guillou, download Notepad++ here, install it and open the ComboFix report in it:

http://downloads.sourceforge.net/notepad-p...mp;big_mirror=0

 

It should break onto a new line from time to time. If it doesn't, use the "Format" menu, "Convert to Windows format" if it isn't greyed out, and save.

 

Hey!!!!! It worked!! A big thank you! You are really great!!!!! And fast!!!! Wow!!!! You know, it's only 5:44 in the morning for me, everyone is asleep lol! :P Thanks again!

 

guillou


I'll let you sort out the rest with oGu. :P

 

A quick question in passing, falkra, as I move on to "working" :P with oGu (if he's willing :P): I'm new here, can I get alerts for replies directly from here, or is it only by email?

Thanks in advance

guillou
