Rapport Hijackthis [Résolu]

Bonjour,

Bien infecté  

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Salut Angeldark

Merci pour ta réponse, j'ai suivie à la lettre tes recommandation et tu trouveras ci-dessous la copie du rapport MalwareByte...

Kenavo

Taz



Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1319
Windows 5.1.2600 Service Pack 3

25/10/2008 19:03:09
mbam-log-2008-10-25 (19-03-09).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 133562
Temps écoulé: 2 hour(s), 16 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{28caeff3-0f18-4036-b504-51d73bd81abc} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{825cf5bd-8862-4430-b771-0c15c5ca8def} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28caeff3-0f18-4036-b504-51d73bd81abc} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28caeff3-0f18-4036-b504-51d73bd81abc} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\untopr5 (Adware.WebRebates) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Printer (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Web__Rebates (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\topra (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprs (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprd (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprt (Adware.WebRebates) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd\v468a12681c49.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd\y468a12857871.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd\z46a5b41766e5.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\README.txt (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_blnk.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_envelope.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_footer.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_hdr_autotrack_remove.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_hdr_settings.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_hdr_settings_toprebates.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_pop_circles.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_pop_circles_bg2.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\images\topr_c_warning.gif (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\topra\to1155.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\topra\topr5.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprC5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprP5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprR5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprRPMF5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprRPMP5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprRPMS5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprUPMF5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprUPMP5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprUPMS5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprXPMP5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprh\toprXPMS5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprs\toprl.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprs\toprp.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Program Files\Web__Rebates\toprs\toprs.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\adult.tbr (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\default.tbr (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\search.mnu (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories\drugs.mnu (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories\fav.mnu (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\casino-ico.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\casino.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\dating-ico.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\dating.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\drugs-ico.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\drugs.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\fav-ico.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\fav.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\virus.bmp (Adware.EliteToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprd\e47fd1e223b62.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprd\m46a5b479655.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprt\toprC5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprt\toprRPMF5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emmanuel & Elodie\Application Data\Web__Rebates\toprt\toprUPMF5.htm (Adware.WebRebates) -> Quarantined and deleted successfully.

Reposte un rapport Hijackthis.

Salut

Ci-dessous le rapport Hijackthis que je viens de lancer

Kenavo et Merci  

Taz



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:03:18, on 26/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emmanuel & Elodie\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OEM Tools 32] tres32.exe
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\Run: [gujmkdqarzrn] C:\WINDOWS\System32\xubbzk.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SYSTEM32] Realplayer.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft Service Manager] scvhost.exe
O4 - HKLM\..\Run: [netservices] recall.exe
O4 - HKLM\..\Run: [F62BE501] C:\WINDOWS\System32\kggfcikjca.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [Realplayer One] realplay.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\wincxz32.exe
O4 - HKLM\..\Run: [2Xldw8.exe] C:\documents and settings\elodie a mas\local settings\temp\2Xldw8.exe
O4 - HKLM\..\Run: [2Xldw8] C:\documents and settings\elodie a mas\local settings\temp\2Xldw8.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\RunServices: [Windows SYSTEM32] Realplayer.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Service Manager] scvhost.exe
O4 - HKLM\..\RunServices: [netservices] recall.exe
O4 - HKLM\..\RunServices: [8575BD17] C:\WINDOWS\System32\kggfcikjca.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [netservices] recall.exe
O4 - HKCU\..\Run: [Win Updator Services] ctfnom.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [OEM Tools 32] tres32.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Win32 System Spool] spoolsvc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [netservices] recall.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] wind32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 System Spool] spoolsvc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 System Spool] spoolsvc.exe (User 'Default user')
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.wella.de/consumer/salon_products/kp/farbbera...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Win32 System Spool - Unknown owner - C:\WINDOWS\System32\spoolsvc.exe (file missing)

--
End of file - 14440 bytes

Re,

Tu as combien d'antivirus ?

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Salut

J'ai lancé le prog...
Par contre je n'ai pas installé la console de récupération car mon PC n'était pas connecté au Net

Merci @+

Taz


ComboFix 08-10-27.01 - Emmanuel & Elodie 2008-10-28 0:01:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.123 [GMT 1:00]
* Un nouveau point de restauration a été créé
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Error: Cfolders.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDIS_TCP_LAYER_TRANSPORT_DEVICE
-------\Legacy_WIN32_SYSTEM_SPOOL
-------\Legacy_WIN32_USB2_DRIVER
-------\Service_Win32 System Spool


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 ))))))))))))))))))))))))))))))))))))
.

2008-10-26 01:16 . 2008-10-26 01:17 <REP> d-------- C:\Documents and Settings\Emmanuel & Elodie\Application Data\vlc
2008-10-26 01:16 . 2008-10-27 03:04 <REP> d-------- C:\Documents and Settings\Emmanuel & Elodie\Application Data\dvdcss
2008-10-26 01:14 . 2008-10-26 01:14 <REP> d-------- C:\Program Files\VideoLAN
2008-10-25 15:37 . 2008-10-25 15:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 15:37 . 2008-10-25 15:37 <REP> d-------- C:\Documents and Settings\Emmanuel & Elodie\Application Data\Malwarebytes
2008-10-25 15:37 . 2008-10-25 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 15:37 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 15:37 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 04:34 . 2008-10-25 04:34 <REP> d-------- C:\Program Files\7-Zip
2008-10-25 02:05 . 2008-10-25 02:13 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-25 02:04 . 2008-10-25 02:04 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-25 01:30 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-25 01:29 . 2008-08-14 14:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-25 01:29 . 2008-08-14 14:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-25 01:29 . 2008-09-15 16:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-25 01:28 . 2008-08-14 14:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-25 01:28 . 2008-08-14 14:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-25 01:28 . 2008-10-15 17:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 23:38 . 2008-10-24 23:38 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-24 23:38 . 2008-10-24 23:38 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-24 19:07 . 2008-04-14 03:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-10-24 19:06 . 2008-04-14 03:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-10-24 19:06 . 2008-04-14 03:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-24 19:06 . 2008-04-14 03:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-10-24 19:06 . 2008-04-14 03:33 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-10-24 19:06 . 2008-04-14 03:33 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-10-24 19:05 . 2008-04-14 03:33 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-24 19:05 . 2008-04-14 03:33 293,376 --------- C:\WINDOWS\system32\qagentrt.dll
2008-10-24 19:05 . 2008-04-14 03:33 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-10-24 19:05 . 2008-04-14 03:33 151,040 --------- C:\WINDOWS\system32\qagent.dll
2008-10-24 19:05 . 2008-04-14 03:33 144,896 --------- C:\WINDOWS\system32\onex.dll
2008-10-24 19:05 . 2008-04-14 03:33 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-10-24 19:05 . 2008-04-14 03:33 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-10-24 19:05 . 2008-04-14 03:33 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-10-24 19:05 . 2008-04-14 03:34 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-10-24 19:05 . 2008-04-13 19:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-10-24 19:03 . 2008-04-14 03:33 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-10-24 19:03 . 2008-04-14 03:33 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-10-24 19:03 . 2008-04-14 03:31 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-10-24 19:03 . 2008-04-14 03:31 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-10-24 19:03 . 2008-04-14 03:31 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-10-24 19:03 . 2008-04-14 03:31 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-10-24 19:03 . 2008-04-14 03:10 2,524 --------- C:\WINDOWS\system32\pid.inf
2008-10-24 19:01 . 2008-04-14 03:33 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-10-24 19:01 . 2008-04-14 03:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-10-24 19:01 . 2008-04-14 03:33 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-10-24 17:00 . 2007-07-19 01:39 490,776 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-10-24 17:00 . 2007-07-19 01:43 490,008 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-10-24 17:00 . 2007-07-19 01:44 465,432 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-10-24 17:00 . 2007-07-19 01:40 416,280 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-10-24 17:00 . 2007-07-19 01:40 195,096 -ra------ C:\WINDOWS\system32\lvci1110.dll
2008-10-24 17:00 . 2007-07-19 00:54 58,163 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-10-24 17:00 . 2007-07-19 01:44 41,752 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-10-24 17:00 . 2007-07-19 00:55 19,344 -ra------ C:\WINDOWS\system32\Repository.reg
2008-10-24 16:54 . 2008-10-25 02:15 <REP> d-------- C:\Program Files\Logitech
2008-10-24 16:54 . 2008-10-24 17:00 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-10-24 16:54 . 2008-10-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-24 16:53 . 2008-10-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-21 19:33 . 2008-10-24 16:23 <REP> d-------- C:\Program Files\ATT
2008-10-21 17:39 . 2008-10-21 17:39 <REP> d-------- C:\Program Files\Yahoo!
2008-10-21 17:39 . 2004-04-13 18:20 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll
2008-10-21 17:37 . 2008-10-21 23:27 <REP> d-------- C:\Program Files\2Wire
2008-10-19 18:52 . 2004-08-19 23:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-19 18:52 . 2008-04-13 19:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-19 18:52 . 2001-08-23 16:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 22:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-27 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 22:33 --------- d-----w C:\Documents and Settings\Emmanuel & Elodie\Application Data\Skype
2008-10-27 22:32 --------- d-----w C:\Program Files\eMule
2008-10-27 17:12 --------- d-----w C:\Documents and Settings\Emmanuel & Elodie\Application Data\skypePM
2008-10-26 10:52 44,912 ----a-w C:\Documents and Settings\Emmanuel & Elodie\Application Data\wklnhst.dat
2008-10-26 01:49 --------- d-----w C:\Documents and Settings\Emmanuel & Elodie\Application Data\Winamp
2008-10-25 01:08 --------- d-----w C:\Program Files\Free Audio Pack
2008-10-25 01:08 --------- d-----w C:\Documents and Settings\Emmanuel & Elodie\Application Data\Audacity
2008-10-25 01:07 --------- d-----w C:\Program Files\Dvd-to-avi
2008-10-25 01:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 23:15 --------- d-----w C:\Program Files\LIVEUPDATE
2008-10-24 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 19:37 --------- d-----w C:\Program Files\RamCal
2008-09-11 19:18 --------- d-----w C:\Program Files\Skype
2008-09-11 19:18 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-09-11 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-03 10:29 127,176 ----a-w C:\Documents and Settings\Emmanuel & Elodie\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-11-25 1232946]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2003-10-31 1074176]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"TopSearch"="C:\Program Files\TopSearch\TopSearch.exe" [2005-12-19 307200]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\Documents and Settings\Emmanuel & Elodie\Menu D‚marrer\Programmes\D‚marrage\
2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2008-10-21 626688]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4473:TCP"= 4473:TCP:e
"7344:UDP"= 7344:UDP:f

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-19 303104]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [ ]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [ ]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [ ]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 17149]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-09-19 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-09-19 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 pohci13F;pohci13F;C:\DOCUME~1\EMMANU~2\LOCALS~1\Temp\pohci13F.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a097835-1176-11d9-8454-00030d0ab8fa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72cb5810-5a44-11dd-87f7-0011508fabbc}]
\Shell\AutoRun\command - F:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db2fd1d2-773f-11dd-882e-d3b109e51dc5}]
\Shell\AutoRun\command - WDSetup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\GestMaj.exe
HKCU-Run-Win32 System Spool - spoolsvc.exe
HKCU-Run-Win32 USB2 Driver - wind32.exe
HKCU-Run-netservices - recall.exe
HKCU-Run-Win Updator Services - ctfnom.exe
HKCU-Run-wvsvc - wvsvc.exe
HKCU-Run-OEM Tools 32 - tres32.exe
HKCU-RunServices-MSN - msnmesengers.exe
HKLM-Run-gujmkdqarzrn - C:\WINDOWS\System32\xubbzk.exe
HKLM-Run-conscorr - C:\WINDOWS\conscorr.exe
HKLM-Run-DSLSTATEXE - C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
HKLM-Run-DSLAGENTEXE - C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
HKLM-Run-F62BE501 - C:\WINDOWS\System32\kggfcikjca.exe
HKLM-Run-Sys29 - C:\windows\system32\wincxz32.exe
HKLM-Run-2Xldw8.exe - C:\documents and settings\elodie a mas\local settings\temp\2Xldw8.exe
HKLM-Run-2Xldw8 - C:\documents and settings\elodie a mas\local settings\temp\2Xldw8.exe
HKLM-Run-MPFTray - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-toprm - C:\Program Files\Web__Rebates\webrebatesv.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-PRISMSVR.EXE - C:\WINDOWS\system32\PRISMSVR.EXE
HKLM-Run-OEM Tools 32 - tres32.exe
HKLM-Run-Microsoft media services - winmplayer.exe
HKLM-Run-wvsvc - wvsvc.exe
HKLM-Run-Windows Registry Scan - timeupdate.exe
HKLM-Run-Win32 System Spool - spoolsvc.exe
HKLM-Run-netservices - recall.exe
HKLM-Run-Win32 USB2 Driver - wind32.exe
HKLM-Run-Realplayer One - realplay.exe
HKLM-Run-MISAggregator - (no file)
HKLM-Run-pdfSaver3 - (no file)
HKLM-RunServices-8575BD17 - C:\WINDOWS\System32\kggfcikjca.exe
HKLM-RunServices-OEM Tools 32 - tres32.exe
HKLM-RunServices-Microsoft media services - winmplayer.exe
HKLM-RunServices-wvsvc - wvsvc.exe
HKLM-RunServices-Windows Registry Scan - timeupdate.exe
HKLM-RunServices-Win32 System Spool - spoolsvc.exe
HKLM-RunServices-Microsoft Service Manager - scvhost.exe
HKLM-RunServices-netservices - recall.exe
HKLM-RunServices-Win32 USB2 Driver - wind32.exe
HKLM-RunServices-Realplayer One - realplay.exe
HKU-Default-Run-OEM Tools 32 - tres32.exe
HKU-Default-Run-wvsvc - wvsvc.exe
HKU-Default-Run-Win32 System Spool - spoolsvc.exe
HKU-Default-Run-netservices - recall.exe
HKU-Default-Run-Win32 USB2 Driver - wind32.exe
HKU-Default-RunOnce-Win32 System Spool - spoolsvc.exe
HKU-Default-RunOnce-netservices - recall.exe
HKU-Default-RunOnce-Win32 USB2 Driver - wind32.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Emmanuel & Elodie\Application Data\Mozilla\Firefox\Profiles\bx8ix450.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr fficial
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 00:08:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-28 0:21:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-27 23:21:20

Avant-CF: 10,419,757,056 octets libres
Après-CF: 10,379,530,240 octets libres

272 --- E O F --- 2008-10-25 18:38:03

Reposte un rapport Hijackthis.

Salut

Rapport Hijackthis


Tcho

Taz



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:30, on 28/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emmanuel & Elodie\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.wella.de/consumer/salon_products/kp/farbbera...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9714 bytes

Tu as combien d'antivirus ?

Bonjour

En ce qui concerne les antivirus...
J'ai Avast, qui ne se lance plus au démarrage depuis que j'ai utilisé ComboFix. Sinon il y a McAfee...
Les 2 programmes tournent ensemble et n'ont jamais été en conflit.

J'ai désinstallé Spyboot Search and Destroy. Oui désolé j'aurais du le préciser peut-être...

Kenavo

Taz

Vire les deux et mets AntiVir  

ok merci

Je m'occupe de ça des que je rentre du taf, et je lance un scan...
Est-ce qu'il te faut un quelconque rapport??

Merci

Taz

Tu peux faire un scan complet oui.

Bonjour

J'ai lancé le scan AntiVir, il m'a trouvé quelques "fichiers indésirables".
Ci-dessous le compte-rendu.

Mon PC rame beaucoup moins et maintenant le démarrage se fait tout de même beaucoup plus rapidement.

Merci

Kenavo

Taz



Avira AntiVir Personal
Report file date: mercredi 29 octobre 2008 01:25

Scanning for 996425 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: EMMANUELODIE

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 00:23:43
ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 27/10/2008 00:23:44
ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 27/10/2008 00:23:44
ANTIVIR3.VDF : 7.1.0.8 60928 Bytes 28/10/2008 00:23:46
Engineversion : 8.2.0.10
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 29/10/2008 00:24:15
AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56
AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02
AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 29/10/2008 00:24:12
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 29/10/2008 00:24:09
AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56
AEGEN.DLL : 8.1.0.42 319861 Bytes 29/10/2008 00:23:58
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.2.9 172407 Bytes 29/10/2008 00:23:54
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 29/10/2008 00:23:47
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 29 octobre 2008 01:25

The scan of running processes will be started
Scan process 'avwsc.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAIE.EXE' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'McTskshd.exe' - '1' Module(s) have been scanned
Scan process 'Mcdetect.exe' - '1' Module(s) have been scanned
Scan process 'McciCMService.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '87' files ).


Starting the file scan:

Begin scan in 'C:\' <SYSTEM>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4968aea0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4968aea4.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HML0NE7\silent_install[1].exe
[DETECTION] Is the TR/Dldr.SilentDB Trojan
[NOTE] The file was moved to '4973bd4f.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HML0NE7\silent_install[2].exe
[DETECTION] Is the TR/Dldr.SilentDB Trojan
[NOTE] The file was moved to '4973bd55.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HML0NE7\silent_install[3].exe
[DETECTION] Is the TR/Dldr.SilentDB Trojan
[NOTE] The file was moved to '4973bd58.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\85A7UDEF\silent_install[1].exe
[DETECTION] Is the TR/Dldr.SilentDB Trojan
[NOTE] The file was moved to '4973bd5b.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SJ874HA9\silent_install[1].exe
[DETECTION] Is the TR/Dldr.SilentDB Trojan
[NOTE] The file was moved to '4973bd5d.qua'!


End of the scan: mercredi 29 octobre 2008 02:33
Used time: 1:07:28 Hour(s)

The scan has been done completely.

6849 Scanning directories
376434 Files were scanned
5 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
376425 Files not concerned
1425 Archives were scanned
2 Warnings
7 Notes

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:03, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emmanuel & Elodie\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.wella.de/consumer/salon_products/kp/farbbera...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8617 bytes

D'autres soucis ?

Bonjour

Le PC s'allume beaucoup plus vite...et rame bcp moins
donc d'un point de vue Virus...plus de soucis

Merci bcp
Je clos le topic

Kenavo

Taz

Bon surf.