Pb infection Bagle - Impossible réinstaller antivirus - RESOLU
Forum Sécurité - Virus : Pb infection Bagle - Impossible réinstaller antivirus - RESOLU
Suite à une infection par Bagle avec AVG Free edition sur PC win XP Familiale, il m'est impossible de réinstaller un antivirus sur mon disque C. J'ai mis mon disque en esclave dans un boitier externe sur mon 2e ordi, et l'ai analysé avec Nod32 version évaluation : de nombreux fichiers n'ont pu être ouverts, et 21 infections ont été traitées. Voici la liste des infections :
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\2KV26QYY\b64_31[1].jpg - Win32/Bagle.MI worm - cleaned by deleting - quarantined [1]
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\8LMNCPIB\b64_31[1].jpg - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\AS4AIHGK\b64_1[1].jpg - Win32/Bagle.LY worm - cleaned by deleting - quarantined [1]
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\AXIJNRJV\b64_31[1].jpg - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\GL6VOLIB\b64_1[1].jpg - Win32/Delf.NFD trojan - cleaned by deleting - quarantined [1]
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\O92FOHYN\b64_1[1].jpg - Win32/Bagle.LY worm - cleaned by deleting - quarantined [1]
E:\Documents and Settings\Christophe Besnard\Local Settings\Temporary Internet Files\Content.IE5\O92FOHYN\b64_31[1].jpg - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\mdelk.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\wintems.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\hldrrr.exe - Win32/Bagle.MU worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\srosa.sys - Win32/Bagle.MU worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\119078.exe - Win32/Bagle.LY worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\130046.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\14476218.exe - Win32/Bagle.LY worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\14480250.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\15094937.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\57718421.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\577593.exe - Win32/Bagle.LY worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\590687.exe - Win32/Bagle.MW worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\72220843.exe - Win32/Bagle.LY worm - cleaned by deleting - quarantined [1]
E:\WINDOWS\system32\drivers\down\72226609.exe - Win32/Bagle.MI worm - cleaned by deleting - quarantined [1]
Number of scanned objects: 270439
Number of threats found: 21
Time of completion: 01:44:20 Total scanning time: 12203 sec (03:23:23)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
En réinstallant mon disque C en master sur ordi 1, il est toujours impossible de réinstaller un antivirus, le processus avorte lors de l'installation des services de démarrage. De plus, j'ai retrouvé (et désactivé) hldrrr et wintems dans la config de démarrage.
J'ai installé NOD32 à partir de ordi 2, sur un disque externe, mais les éléments de démarrage qui se greffent sur la config de démarrage sont restés sur ordi 2, et lorsque j'essaie de lancer NOD32 à partir du disque externe branché sur ordi 1, le message d'erreur suivant s'affiche: error communicating with kernel.
Je vous remercie par avance de votre aide, mon ordi 1 étant pour moi primordial, alors que le 2 n'est là qu'en roue de secours (heureusement qu'il est là, d'ailleurs...!
Message édité par wagram238 le 05-03-2008 à 01:15:22
Salut,
Télécharge ELIBAGLA au bas de cette page. Il est préférable pour certains antivirus de les désactiver avant d’entâmer cette procédure !
Clique sur le Descargar Elibagla afin de télécharger le fichier, enregistre-le sur ton bureau.
Lance le en double cliquant dessus.
Vérifie que dans le menu déroulant Unidad, il y ait bien C:\
L'option Eliminar Ficheros Automaticamente doit également être cochée.
Clique sur Explorar pour lancer l'analyse.
Poste le rapport généré en fin fin d'analyse.
Répondre à XmichouX
Salut, et merci de ton aide.
Voici ci-dessous le rapport elibagla :
Thu Feb 28 18:58:12 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Thu Feb 28 18:59:26 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
GOLF.ZIP -> Bagle
Nº Total de Directorios: 7151
Nº Total de Ficheros: 71910
Nº de Ficheros Analizados: 12490
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Thu Feb 28 19:11:45 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Feb 28 19:12:10 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
GOLF.ZIP -> Bagle
Nº Total de Directorios: 7149
Nº Total de Ficheros: 71935
Nº de Ficheros Analizados: 12490
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Thu Feb 28 19:12:52 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
GOLF.ZIP -> Bagle
Nº Total de Directorios: 7149
Nº Total de Ficheros: 71935
Nº de Ficheros Analizados: 12490
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Re,
Télécharge Combofix (de sUBs) sur ton Bureau.
Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista)
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : C:\Combofix.txt
Répondre à XmichouX
Ci-dessous rapport combofix, à noter une alerte de sécurité xp au redémarrage (aucun antivirus installé), ce qui n'avait pas été détecté auparavant.
ComboFix 08-02-25.3 - Christophe Besnard 2008-02-29 0:07:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.466 [GMT 1:00]
Endroit: C:\Documents and Settings\Christophe Besnard\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))))))))
.
2008-02-28 02:28 . 2008-02-29 00:12 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-28 02:21 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-02-28 02:20 . 2008-02-28 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-27 06:02 . 2008-02-27 06:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-22 10:20 . 2008-02-22 10:20 <REP> d-------- C:\Program Files\ESET
2008-02-22 02:01 . 2008-02-22 09:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-21 05:27 . 2008-02-22 09:49 <REP> d-------- C:\Program Files\Alwil Software
2008-02-15 22:19 . 2008-02-19 01:58 1,505 --a------ C:\WINDOWS\Gcr70fr.INI
2008-02-15 22:19 . 2008-02-15 22:19 51 --a------ C:\WINDOWS\gescap.ini
2008-02-15 22:18 . 2008-02-15 22:18 <REP> d----c--- C:\CIEL
2008-02-15 22:18 . 2005-07-08 14:08 274,432 --------- C:\WINDOWS\system32\CRUN500.DLL
2008-02-15 15:52 . 2008-02-15 15:52 <REP> d-------- C:\Program Files\CapAlpha
2008-02-14 17:05 . 2008-02-22 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-14 14:59 . 2008-02-27 16:24 268 --ah-c--- C:\sqmdata19.sqm
2008-02-14 14:59 . 2008-02-27 16:24 244 --ah-c--- C:\sqmnoopt19.sqm
2008-02-13 23:19 . 2008-02-13 23:19 <REP> d-------- C:\Program Files\MicroStar
2008-02-13 14:11 . 2008-02-13 18:52 <REP> d-------- C:\Program Files\PDF Editor Objects 2
2008-02-13 14:11 . 2008-02-13 14:12 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-02-12 23:16 . 2008-02-12 23:22 <REP> d-------- C:\Documents and Settings\Christophe Besnard\Application Data\U3
2008-02-10 20:07 . 2008-02-10 20:07 <REP> d-------- C:\Documents and Settings\Christophe Besnard\Application Data\HPAppData
2008-02-10 20:07 . 2008-02-10 20:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-02-10 20:05 . 2008-02-10 20:05 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-10 20:05 . 2008-02-10 20:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-02-10 20:02 . 2008-02-21 06:47 158,922 --a------ C:\WINDOWS\hpoins15.dat
2008-02-10 20:02 . 2007-06-06 00:04 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-02-10 19:45 . 2008-02-10 19:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-04 13:03 . 2008-02-04 13:03 <REP> d----c--- C:\spoolerlogs
2008-02-02 21:37 . 2008-02-27 16:23 244 --ah-c--- C:\sqmnoopt18.sqm
2008-02-02 21:37 . 2008-02-27 16:23 232 --ah-c--- C:\sqmdata18.sqm
2008-02-02 20:21 . 2008-02-02 20:21 <REP> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2008-01-30 23:59 . 2008-02-27 16:16 268 --ah-c--- C:\sqmdata17.sqm
2008-01-30 23:59 . 2008-02-27 16:16 244 --ah-c--- C:\sqmnoopt17.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 23:12 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-02-28 01:28 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-02-28 01:19 --------- d-----w C:\Program Files\Logitech
2008-02-21 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-21 02:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-21 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 13:40 --------- d-----w C:\Program Files\eMule
2008-02-13 00:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 20:12 --------- d-----w C:\Documents and Settings\Christophe Besnard\Application Data\HP
2008-02-12 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-10 19:07 --------- d-----w C:\Program Files\HP
2008-01-21 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-01-16 16:19 --------- d-----w C:\Program Files\EVF
2008-01-04 15:51 --------- d-----w C:\Documents and Settings\Christophe Besnard\Application Data\Media Player Classic
2007-12-31 10:38 --------- d-----w C:\Program Files\JetAudio
2007-12-28 00:42 --------- d-----w C:\Program Files\Google
2007-12-12 10:37 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2005-08-18 21:17 21 -csh--w C:\WINDOWS\dpwtddxp.dll
2005-08-18 21:17 14 -csh--w C:\WINDOWS\dpwtpdxp.dll
2005-08-18 21:17 21 -csh--w C:\WINDOWS\system32\dpwtdaxp.dll
2005-08-18 21:17 14 -csh--w C:\WINDOWS\system32\dpwtpaxp.dll
2005-08-18 21:17 12 -csh--w C:\WINDOWS\system32\spwtpaxp.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02 208946]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 20:05 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 14:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [ ]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Background Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Background Monitor.lnk
backup=C:\WINDOWS\pss\EPSON Background Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ulead Acquire Fast.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ulead Acquire Fast.lnk
backup=C:\WINDOWS\pss\Ulead Acquire Fast.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\WINDOWS\system32\drivers\hldrrr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2007-12-21 08:21 1443072 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe]
C:\WINDOWS\system32\wintems.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-03-24 11:41 1294446 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-14 13:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-01 14:54 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MicroStar\\WLANUtility\\APUtility.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\palmOne\\HOTSYNC.EXE"=
"C:\\Program Files\\MicroStar\\WLANUtility\\WlanUtility.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 12:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 NkPtpEnumP2;NkPtpEnumP2;"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a []
R3 m2571usb;802.11g Wireless-Network Driver;C:\WINDOWS\system32\DRIVERS\m2571usb.sys [2004-08-13 16:38]
R3 VBus;Virtual Bus;C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2006-05-11 12:06]
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS [1998-04-02 09:43]
S2 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS []
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 12:31]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 17:44]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys []
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys []
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys []
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys []
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 13:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-28 22:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Je re demain, n'hésite pas à faire un UP
Répondre à XmichouX
Qu'est-ce que tu appelles un UP ?
Re,
Tu dis up, en fait c'est pour que je voie ton sujet avec les drapeaux 
Fais analyser ces fichier sur ce site >> Virustotal <<
Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : C:\WINDOWS\system32\dpwtdaxp.dll
Clique maintenant sur envoyer le fichier.
Poste le rapport (De Fichier *** reçu le *** jusqu’à SHA1 : ***)
Fais la même chose avec ces fichiers : C:\WINDOWS\dpwtpdxp.dll , C:\WINDOWS\Gcr70fr.INI
Répondre à XmichouX
Salut,
Impossible de trouver les fichiers dpwtdaxp.ddll et dpwtpdxp.dll, voici ci-dessous le rapport de Gcr70fr.INI :
Fichier Gcr70fr.INI reçu le 2008.02.29 17:32:51 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.02.29 -
Avast 4.7.1098.0 2008.02.28 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.02.29 -
CAT-QuickHeal 9.50 2008.02.28 -
ClamAV 0.92.1 2008.02.29 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.02.29 -
Fortinet 3.14.0.0 2008.02.29 -
F-Prot 4.4.2.54 2008.02.28 -
F-Secure 6.70.13260.0 2008.02.29 -
Ikarus T3.1.1.20 2008.02.29 -
Kaspersky 7.0.0.125 2008.02.29 -
McAfee 5241 2008.02.28 -
Microsoft 1.3301 2008.02.29 -
NOD32v2 2912 2008.02.29 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.02.28 -
Prevx1 V2 2008.02.29 -
Rising 20.33.42.00 2008.02.29 -
Sophos 4.27.0 2008.02.29 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.02.29 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.02.29 -
Information additionnelle
File size: 1505 bytes
MD5: da0afdabdc2a8671fc4a5d48632407b7
SHA1: b6d3ef2007eb797ac2f15259bc01ee8c62a740a4
Après avoir fait ceci, tu les vois ?
- Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK
- Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d’exploitation./Appliquer - - > OK
Répondre à XmichouX
Salut XmichouX,
Effectivement, il sont maintenant visibles (le fichier dpwtdapx.dll existe 2 fois dans system32), voici les rapports:
1 - Fichier dpwtdaxp.dll reçu le 2008.03.01 09:49:54 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.02.29 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.42.00 2008.02.29 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
Information additionnelle
File size: 21 bytes
MD5: 5f749f8cbfb9b40d060048daccde9171
SHA1: 28cde3ba062edf92827ca48ccd471a12b6588519
2 - Fichier dpwtpaxp.dll reçu le 2008.03.01 09:58:50 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.02.29 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.42.00 2008.02.29 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
Information additionnelle
File size: 14 bytes
MD5: 8d230bca9a133d2569c2d24ba67100d1
SHA1: f213482c89709cba13db1e3809bd83b78cfb5778
3 - Fichier dpwtpdxp.dll reçu le 2008.03.01 10:08:07 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.02.29 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.42.00 2008.02.29 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
Information additionnelle
File size: 14 bytes
MD5: d0a46b83444be002b430e58bb2d27619
SHA1: 7f74b039ec2818bee349a51a73474715b0f85df0
Re,
Copie le texte se situant dans le cadre ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
Répondre à XmichouX
Salut,
Voici les rapports combofix et hijackthis :
1 - ComboFix 08-02-25.3 - Christophe Besnard 2008-03-02 17:52:09.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.237 [GMT 1:00]
Endroit: C:\Documents and Settings\Christophe Besnard\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christophe Besnard\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\wintems.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\lvuvc.hs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\nm
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-02-29 01:51 . 2008-02-29 01:51 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-29 01:51 . 2008-03-02 08:00 <REP> d-------- C:\Documents and Settings\Christophe Besnard\Application Data\AVG7
2008-02-28 02:28 . 2008-03-01 09:28 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-28 02:21 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-02-28 02:20 . 2008-02-28 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-27 06:02 . 2008-02-27 06:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-22 10:20 . 2008-02-22 10:20 <REP> d-------- C:\Program Files\ESET
2008-02-22 02:01 . 2008-02-22 09:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-21 05:27 . 2008-02-22 09:49 <REP> d-------- C:\Program Files\Alwil Software
2008-02-15 22:19 . 2008-02-19 01:58 1,505 --a------ C:\WINDOWS\Gcr70fr.INI
2008-02-15 22:19 . 2008-02-15 22:19 51 --a------ C:\WINDOWS\gescap.ini
2008-02-15 22:18 . 2008-02-15 22:18 <REP> d----c--- C:\CIEL
2008-02-15 22:18 . 2005-07-08 14:08 274,432 --------- C:\WINDOWS\system32\CRUN500.DLL
2008-02-15 15:52 . 2008-02-15 15:52 <REP> d-------- C:\Program Files\CapAlpha
2008-02-14 17:05 . 2008-02-29 01:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-14 14:59 . 2008-02-27 16:24 268 --ah-c--- C:\sqmdata19.sqm
2008-02-14 14:59 . 2008-02-27 16:24 244 --ah-c--- C:\sqmnoopt19.sqm
2008-02-13 23:19 . 2008-02-13 23:19 <REP> d-------- C:\Program Files\MicroStar
2008-02-13 14:11 . 2008-02-13 18:52 <REP> d-------- C:\Program Files\PDF Editor Objects 2
2008-02-13 14:11 . 2008-02-13 14:12 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-02-12 23:16 . 2008-02-12 23:22 <REP> d-------- C:\Documents and Settings\Christophe Besnard\Application Data\U3
2008-02-10 20:07 . 2008-02-10 20:07 <REP> d-------- C:\Documents and Settings\Christophe Besnard\Application Data\HPAppData
2008-02-10 20:07 . 2008-02-10 20:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-02-10 20:05 . 2008-02-10 20:05 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-10 20:05 . 2008-02-10 20:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-02-10 20:02 . 2008-02-21 06:47 158,922 --a------ C:\WINDOWS\hpoins15.dat
2008-02-10 20:02 . 2007-06-06 00:04 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-02-10 19:45 . 2008-02-10 19:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-04 13:03 . 2008-02-04 13:03 <REP> d----c--- C:\spoolerlogs
2008-02-02 21:37 . 2008-02-27 16:23 244 --ah-c--- C:\sqmnoopt18.sqm
2008-02-02 21:37 . 2008-02-27 16:23 232 --ah-c--- C:\sqmdata18.sqm
2008-02-02 20:21 . 2008-02-02 20:21 <REP> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 02:05 --------- d-----w C:\Program Files\Windows Live
2008-02-29 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-28 01:28 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-02-28 01:19 --------- d-----w C:\Program Files\Logitech
2008-02-21 02:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-21 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 13:40 --------- d-----w C:\Program Files\eMule
2008-02-13 00:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 20:12 --------- d-----w C:\Documents and Settings\Christophe Besnard\Application Data\HP
2008-02-12 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-10 19:07 --------- d-----w C:\Program Files\HP
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-21 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-01-16 16:19 --------- d-----w C:\Program Files\EVF
2008-01-04 15:51 --------- d-----w C:\Documents and Settings\Christophe Besnard\Application Data\Media Player Classic
2007-12-12 10:37 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-08-18 21:17 21 -csh--w C:\WINDOWS\dpwtddxp.dll
2005-08-18 21:17 14 -csh--w C:\WINDOWS\dpwtpdxp.dll
2005-08-18 21:17 21 -csh--w C:\WINDOWS\system32\dpwtdaxp.dll
2005-08-18 21:17 14 -csh--w C:\WINDOWS\system32\dpwtpaxp.dll
2005-08-18 21:17 12 -csh--w C:\WINDOWS\system32\spwtpaxp.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02 208946]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 20:05 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 14:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-29 01:50 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-29 01:50 219136]
C:\Documents and Settings\Christophe Besnard\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 16:03:10 299008]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-15 12:09:18 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-06-29 20:56:06 450560]
WlanUtility.lnk - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [2004-08-27 11:07:00 143360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Background Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Background Monitor.lnk
backup=C:\WINDOWS\pss\EPSON Background Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ulead Acquire Fast.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ulead Acquire Fast.lnk
backup=C:\WINDOWS\pss\Ulead Acquire Fast.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2007-12-21 08:21 1443072 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-03-24 11:41 1294446 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-14 13:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-01 14:54 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MicroStar\\WLANUtility\\APUtility.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\palmOne\\HOTSYNC.EXE"=
"C:\\Program Files\\MicroStar\\WLANUtility\\WlanUtility.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 12:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 NkPtpEnumP2;NkPtpEnumP2;"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a []
R3 m2571usb;802.11g Wireless-Network Driver;C:\WINDOWS\system32\DRIVERS\m2571usb.sys [2004-08-13 16:38]
R3 VBus;Virtual Bus;C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2006-05-11 12:06]
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS [1998-04-02 09:43]
S2 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS []
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 12:31]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 17:44]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys []
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys []
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys []
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys []
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 13:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-02 16:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 17:55:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 17:57:14
ComboFix-quarantined-files.txt 2008-03-02 16:56:52
.
2008-02-29 02:09:35 --- E O F ---
2 - Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:54, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://delphinetranchant.spaces.li [...] nPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O18 - Protocol: bw+0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {251DCACD-9FD2-4015-A8C5-4A1964B13CB9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
--
End of file - 20908 bytes
Bien, c'est mieux ??
Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
|
Puis Fix Checked !
******
Désisntalle avg..
Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.
Télécharge et installe Antivir. (tuto)
Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.
Répondre à XmichouX
Tout a été fait comme indiqué, voici le rapport antivir :
AntiVir PersonalEdition Classic
Report file date: dimanche 2 mars 2008 20:46
Scanning for 1130387 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Christophe Besnard
Computer name: CHRISTOP-4MQMKJ
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:45:11
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 19:45:11
ANTIVIR3.VDF : 7.0.2.216 135168 Bytes 02/03/2008 19:45:11
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 19:45:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 02/03/2008 19:45:13
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 2 mars 2008 20:46
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'WLAN_Service.exe' - '1' Module(s) have been scanned
Scan process 'WlanUtility.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NkPtpEnum.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '40' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <Disque local>
Begin scan in 'H:\' <HDD Externe>
H:\80 Go Master\Documents and Settings\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe
[WARNING] The file could not be opened!
End of the scan: dimanche 2 mars 2008 22:15
Used time: 1:28:28 min
The scan has been done completely.
8750 Scanning directories
372549 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
372549 Files not concerned
3818 Archives were scanned
10 Warnings
3 Notes
Je pensais installer nod32 (un peu cher, mais paraît-il très efficace et au fonctionnement light), on m'a également conseillé panda antivirus (bcp moins coûteux, light également).
Qu'en penses-tu?
Nod32 est très bien, mais tu peux garder antivir si tu ne veux pas jeter de l'argent par les fenêtres 
Reposte un HijackThis.
Répondre à XmichouX
nouveau hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:20, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Poker\Poker.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://delphinetranchant.spaces.li [...] nPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
--
End of file - 7874 bytes
Re,
Toujours des problèmes ?
Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
Le rapport se trouve ici : C:\rapport_clean.txt
Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
Répondre à XmichouX
Salut XmichouX,
Au niveau des pbs, ça s'est sérieusement calmé.
Clean a généré un fichier C:\upload_moi.zip, mais impossible de l'envoyer à malekal, il est considéré comme invalide.
04/03/2008 a 1:13:33,17
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Re,
Plus de problèmes ?
Répondre à XmichouX
Non, à priori, tout est réglé et fonctionne à nouveau normalement.
Je ne sais pas comment on affiche "résolu", mais tu peux l'indiquer sans pb...
Merci mille fois de ton aide précieuse.
A+
Re,
Tu édites ton premier message et modifies le titre
Télécharge ToolsCleaner2( de A.Rothstein)
Installe le sur ton Bureau
Clique sur [Recherche] pour lancer le scan
Clique sur [Supprimer] pour nettoyer les outils utilisés
Clique sur [Quitter],
Poste ce rapport ~>C:\TCleaner.txt<~
Garde ccleaner, avg et antivir si nous les avons installé..
Désactive-réactive la restauration système
Rapporte ton infection sur Malware Complaints >Tuto<
Ton(tes) infection(s) : Bagle
Puis regarde ces dossiers :
Sécurité/Prévention
Conséquences de la multi-protection
*****
bonne soirée
Répondre à XmichouX
Salut,
Ci-dessous rapport toolscleaner :
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\Combofix: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\HijackThis: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\tar.exe: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\remove.reg: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\pskill.exe: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\LFiles.exe: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\gzip.exe: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\delsiri.cmd: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\delr.cmd: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\del3.cmd: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\del2.cmd: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\clean.cmd: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\cherche.cmd: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\COMBOFIX\ComboFix.exe: trouvé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\HIJACKTHIS\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\tar.exe: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\remove.reg: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\pskill.exe: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\LFiles.exe: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\gzip.exe: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\delsiri.cmd: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\delr.cmd: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\del3.cmd: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\del2.cmd: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\clean.cmd: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\CCLEAN\cherche.cmd: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\COMBOFIX\ComboFix.exe: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\HIJACKTHIS\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\Combofix: supprimé !
C:\Documents and Settings\Christophe Besnard\Bureau\Protection\HijackThis: supprimé !
Ccleaner a été supprimé, dois-je le réinstaller?
Et de quel avg parles-tu? antivirus ou antispyware?
Toolscleaner a laissé antivir, qui reste actif en bas à droite.
A+
Clean a été supprimé pas Ccleaner
J'ai mis un si, donc ne t'en soucie pas si nous n'avons pas utilisé
A+
Répondre à XmichouX
Il y a 2601 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
