185 utilisateurs connectés
win32:rootkit-gen (RtK)
MissCoconut
le 30 octobre 2009 à 16h58
Bonjour!
Je fais appel à vous car je suis infectée par win32:rootkit-gen (RtK)
Je sais que je dois downlaoder ComboFix et suivre le tutoriel.
Mais j'ai besoin d'aide pour regarder mes rapports.
Quelqu'un pourrait m'aider?
Merci d'avance,
MissCoconut
Je fais appel à vous car je suis infectée par win32:rootkit-gen (RtK)
Je sais que je dois downlaoder ComboFix et suivre le tutoriel.
Mais j'ai besoin d'aide pour regarder mes rapports.
Quelqu'un pourrait m'aider?
Merci d'avance,
MissCoconut
répondre
rubised
le 30 octobre 2009 à 18h29
télécharge Genproc sur ton bureau suis bien le tuto et poste moi son rapport stp
Genproc ici
http://bibou0007.com/outils-specifiques-f78/tutorial-genproc-t967.htm
MissCoconut
le 30 octobre 2009 à 18h40
Un gros merci pour ton aide!!! 
J'ai déjà téléchargé ComboFix
http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Est-ce qu'on peut fonctionner avec celui-ci?
J'ai déjà téléchargé ComboFix
http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Est-ce qu'on peut fonctionner avec celui-ci?
MissCoconut
le 30 octobre 2009 à 22h42
En fait j'ai un rapport de ComboFix..
Est-ce que je peux le poster pour que quelqu'un m'aide svp?
J'ai vraiment tout tenté pour que ce Rootkit disparaisse mais je ne sais plus quoi faire pour m'en débarasser
Merci beaucoup,
MissCoconut
Est-ce que je peux le poster pour que quelqu'un m'aide svp?
J'ai vraiment tout tenté pour que ce Rootkit disparaisse mais je ne sais plus quoi faire pour m'en débarasser
Merci beaucoup,
MissCoconut
rubised
le 30 octobre 2009 à 22h49
oui tu peut mais poste moi aussi Genproc stp
MissCoconut
le 30 octobre 2009 à 23h12
Oh! Merci merci merci!!!!
ComboFix 09-10-28.08 - Edith Filion 2009-10-30 15:51.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.270 [GMT -4:00]
Lancé depuis: c:\documents and settings\Edith Filion\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\EDITHF~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Edith Filion\Local Settings\Temp\IadHide5.dll
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-28 au 2009-10-30 ))))))))))))))))))))))))))))))))))))
.
2009-10-29 23:49 . 2009-10-29 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-29 23:30 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 23:29 . 2009-10-29 23:29 -------- d-----w- c:\program files\Windows Defender
2009-10-29 22:56 . 2009-10-29 22:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 22:50 . 2009-10-29 22:50 -------- d-sh--w- c:\documents and settings\Edith Filion\IECompatCache
2009-10-29 22:49 . 2009-10-29 22:49 -------- d-sh--w- c:\documents and settings\Edith Filion\PrivacIE
2009-10-29 22:42 . 2009-10-29 22:42 -------- d-sh--w- c:\documents and settings\Edith Filion\IETldCache
2009-10-29 22:33 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-29 22:32 . 2009-10-30 13:47 -------- d-----w- c:\windows\ie8updates
2009-10-29 22:30 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-29 22:30 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-29 22:25 . 2009-10-29 22:30 -------- dc-h--w- c:\windows\ie8
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\Malwarebytes
2009-10-29 16:52 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 16:52 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 21:09 . 2009-09-30 21:09 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-30 21:09 . 2009-09-30 21:09 -------- d-----w- c:\program files\MSBuild
2009-09-30 21:09 . 2009-09-30 21:09 -------- d-----w- c:\program files\Reference Assemblies
2009-09-30 21:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-30 21:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-30 21:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-30 21:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-30 21:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-30 21:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-30 21:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-30 21:08 . 2009-09-30 21:08 -------- d-----w- C:\19597db892af85d83d6e
2009-09-30 21:01 . 2009-09-30 21:01 -------- d-----w- c:\program files\MSXML 6.0
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 20:11 . 2008-11-14 22:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 19:30 . 2006-11-25 19:41 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\Lavasoft
2009-10-30 00:08 . 2007-03-06 17:51 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\OpenOffice.org2
2009-10-30 00:08 . 2008-09-23 17:10 -------- d--h--w- c:\program files\Ksejoewiggf
2009-10-16 21:41 . 2002-08-30 12:00 81974 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-16 21:41 . 2002-08-30 12:00 503988 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-01 18:18 . 2008-11-29 03:40 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\Canon
2009-10-01 05:41 . 2006-04-04 22:53 85296 ----a-w- c:\documents and settings\Edith Filion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 21:31 . 2009-09-28 22:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 22:30 . 2009-09-28 22:18 -------- d-----w- c:\program files\Microsoft
2009-09-28 22:30 . 2009-09-28 22:30 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-28 22:29 . 2009-09-28 22:17 -------- d-----w- c:\program files\Windows Live
2009-09-28 22:22 . 2007-09-13 22:55 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-28 22:22 . 2009-09-28 22:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-28 22:20 . 2009-09-28 22:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-28 22:18 . 2009-09-28 22:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-28 22:10 . 2009-09-28 22:10 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-11 14:34 . 2002-08-30 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:46 . 2002-08-30 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 22:44 . 2009-09-01 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-01 22:44 . 2009-09-01 22:43 -------- d-----w- c:\program files\iTunes
2009-09-01 22:43 . 2009-09-01 22:43 -------- d-----w- c:\program files\iPod
2009-09-01 22:43 . 2009-09-01 22:37 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-01 22:42 . 2009-09-01 22:42 -------- d-----w- c:\program files\Bonjour
2009-09-01 22:41 . 2006-02-19 00:52 -------- d-----w- c:\program files\QuickTime
2009-09-01 22:41 . 2006-02-19 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-01 22:38 . 2009-09-01 22:38 -------- d-----w- c:\program files\Apple Software Update
2009-09-01 22:37 . 2009-09-01 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-29 07:56 . 2005-06-18 05:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:15 . 2002-08-30 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 22:07 . 2006-12-15 21:35 825 ----a-w- c:\windows\eReg.dat
2009-08-06 23:24 . 2005-11-06 00:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-05-26 09:19 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-11-06 00:02 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-11-06 00:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-11-05 20:15 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-08-30 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-11-06 00:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-12-14 02:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-11-05 20:15 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 02:48 . 2009-09-28 22:29 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:06 . 2002-08-30 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:05 . 2002-08-29 11:42 2059776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:05 . 2002-08-30 12:00 2182400 ----a-w- c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 18:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-14 32768]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"WeatherEye"="c:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832]
"retup"="c:\program files\Ksejoewiggf\wweqv.exe" [2006-02-04 2184113]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-11 7286784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-11 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Motive SmartBridge"="c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 393216]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-24 57344]
"retup"="c:\program files\ksejoewiggf\wweqv.exe" [2006-02-04 2184113]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-10-11 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\David B‚langer\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\documents and settings\Edith Filion\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant Internet.lnk - c:\program files\NetAssistant\bin\matcli.exe [2007-1-15 217088]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2006-8-13 73728]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-14 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-14 688128]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-3-15 122880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\Age3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\davidbelanger\\half-life 2\\hl2.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-09-28 54752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'
2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-10-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 01:45]
2009-10-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{4B3F9B44-807F-45D4-960F-E2702F964F25}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-StandardInstall - (no file)
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 16:10
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\msvunrerp.dll 147456 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•9~ *]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3072)
c:\progra~1\NETASS~1\SMARTB~1\SBHook.dll
c:\docume~1\EDITHF~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msvunrerp.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-10-30 16:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-30 20:19
Avant-CF: 23 003 938 816 octets libres
Après-CF: 25 507 344 384 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
- - End Of File - - 995870366A2A5AC0DAA52D4E8A15D5F9
ComboFix 09-10-28.08 - Edith Filion 2009-10-30 15:51.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.270 [GMT -4:00]
Lancé depuis: c:\documents and settings\Edith Filion\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\EDITHF~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Edith Filion\Local Settings\Temp\IadHide5.dll
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-28 au 2009-10-30 ))))))))))))))))))))))))))))))))))))
.
2009-10-29 23:49 . 2009-10-29 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-29 23:30 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 23:29 . 2009-10-29 23:29 -------- d-----w- c:\program files\Windows Defender
2009-10-29 22:56 . 2009-10-29 22:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 22:50 . 2009-10-29 22:50 -------- d-sh--w- c:\documents and settings\Edith Filion\IECompatCache
2009-10-29 22:49 . 2009-10-29 22:49 -------- d-sh--w- c:\documents and settings\Edith Filion\PrivacIE
2009-10-29 22:42 . 2009-10-29 22:42 -------- d-sh--w- c:\documents and settings\Edith Filion\IETldCache
2009-10-29 22:33 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-29 22:32 . 2009-10-30 13:47 -------- d-----w- c:\windows\ie8updates
2009-10-29 22:30 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-29 22:30 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-29 22:25 . 2009-10-29 22:30 -------- dc-h--w- c:\windows\ie8
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\Malwarebytes
2009-10-29 16:52 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 16:52 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 21:09 . 2009-09-30 21:09 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-30 21:09 . 2009-09-30 21:09 -------- d-----w- c:\program files\MSBuild
2009-09-30 21:09 . 2009-09-30 21:09 -------- d-----w- c:\program files\Reference Assemblies
2009-09-30 21:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-30 21:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-30 21:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-30 21:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-30 21:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-30 21:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-30 21:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-30 21:08 . 2009-09-30 21:08 -------- d-----w- C:\19597db892af85d83d6e
2009-09-30 21:01 . 2009-09-30 21:01 -------- d-----w- c:\program files\MSXML 6.0
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 20:11 . 2008-11-14 22:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 19:30 . 2006-11-25 19:41 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\Lavasoft
2009-10-30 00:08 . 2007-03-06 17:51 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\OpenOffice.org2
2009-10-30 00:08 . 2008-09-23 17:10 -------- d--h--w- c:\program files\Ksejoewiggf
2009-10-16 21:41 . 2002-08-30 12:00 81974 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-16 21:41 . 2002-08-30 12:00 503988 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-01 18:18 . 2008-11-29 03:40 -------- d-----w- c:\documents and settings\Edith Filion\Application Data\Canon
2009-10-01 05:41 . 2006-04-04 22:53 85296 ----a-w- c:\documents and settings\Edith Filion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 21:31 . 2009-09-28 22:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 22:30 . 2009-09-28 22:18 -------- d-----w- c:\program files\Microsoft
2009-09-28 22:30 . 2009-09-28 22:30 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-28 22:29 . 2009-09-28 22:17 -------- d-----w- c:\program files\Windows Live
2009-09-28 22:22 . 2007-09-13 22:55 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-28 22:22 . 2009-09-28 22:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-28 22:20 . 2009-09-28 22:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-28 22:18 . 2009-09-28 22:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-28 22:10 . 2009-09-28 22:10 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-11 14:34 . 2002-08-30 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:46 . 2002-08-30 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 22:44 . 2009-09-01 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-01 22:44 . 2009-09-01 22:43 -------- d-----w- c:\program files\iTunes
2009-09-01 22:43 . 2009-09-01 22:43 -------- d-----w- c:\program files\iPod
2009-09-01 22:43 . 2009-09-01 22:37 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-01 22:42 . 2009-09-01 22:42 -------- d-----w- c:\program files\Bonjour
2009-09-01 22:41 . 2006-02-19 00:52 -------- d-----w- c:\program files\QuickTime
2009-09-01 22:41 . 2006-02-19 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-01 22:38 . 2009-09-01 22:38 -------- d-----w- c:\program files\Apple Software Update
2009-09-01 22:37 . 2009-09-01 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-29 07:56 . 2005-06-18 05:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:15 . 2002-08-30 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 22:07 . 2006-12-15 21:35 825 ----a-w- c:\windows\eReg.dat
2009-08-06 23:24 . 2005-11-06 00:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-05-26 09:19 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-11-06 00:02 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-11-06 00:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-11-05 20:15 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-08-30 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-11-06 00:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-12-14 02:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-11-05 20:15 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 02:48 . 2009-09-28 22:29 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:06 . 2002-08-30 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:05 . 2002-08-29 11:42 2059776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:05 . 2002-08-30 12:00 2182400 ----a-w- c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 18:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-14 32768]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"WeatherEye"="c:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832]
"retup"="c:\program files\Ksejoewiggf\wweqv.exe" [2006-02-04 2184113]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-11 7286784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-11 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Motive SmartBridge"="c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 393216]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-24 57344]
"retup"="c:\program files\ksejoewiggf\wweqv.exe" [2006-02-04 2184113]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-10-11 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\David B‚langer\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\documents and settings\Edith Filion\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant Internet.lnk - c:\program files\NetAssistant\bin\matcli.exe [2007-1-15 217088]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2006-8-13 73728]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-14 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-14 688128]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-3-15 122880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\Age3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\davidbelanger\\half-life 2\\hl2.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-09-28 54752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'
2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-10-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 01:45]
2009-10-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{4B3F9B44-807F-45D4-960F-E2702F964F25}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-StandardInstall - (no file)
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 16:10
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\msvunrerp.dll 147456 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•9~ *]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3072)
c:\progra~1\NETASS~1\SMARTB~1\SBHook.dll
c:\docume~1\EDITHF~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msvunrerp.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-10-30 16:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-30 20:19
Avant-CF: 23 003 938 816 octets libres
Après-CF: 25 507 344 384 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
- - End Of File - - 995870366A2A5AC0DAA52D4E8A15D5F9
MissCoconut
le 30 octobre 2009 à 23h13
Je vais télécharger Genproc et faire mon rapport!
Merci encore!
Merci encore!
MissCoconut
le 31 octobre 2009 à 02h14
Voilà ce que ça donne:
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
-Mais je ne trouve pas le rapport dans C:\Program Files\EsetOnlineScanner???
Le scanneur m'a clairement énoncé qu'il avait supprimer les fichiers menaçants... et les RootKit sont toujours là! Qu'est-ce que je dois faire maintenant?
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
-Mais je ne trouve pas le rapport dans C:\Program Files\EsetOnlineScanner???
Le scanneur m'a clairement énoncé qu'il avait supprimer les fichiers menaçants... et les RootKit sont toujours là! Qu'est-ce que je dois faire maintenant?
rubised
le 31 octobre 2009 à 14h29
tu a bien cliqué sur le lien de Nod32 donné sur le rapport de genproc poste moi ce rapport de Genproc stp
puis
fais moi une analyse en ligne avec BitDefender suis bien le tuto désactive tes protections résidentes et lance l'analyse en ligne puis poste moi aussi son rapport stp et réactive tes protections résidentes
car je penses aussi que ton infection est peut être dans le système de retauration
Télécharge et installe MalwareBytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Branche toutes tes sources de données sans les lancer (clefs usb,disque sexterne etc ..)
Fermer tout et renommer le nouveau fichier (mbam-setup.exe) en mb.exe pour faciliter son travail par rapport à certains malwares...
- Mets le à jour en cliquant sur onglet mise à jour « Impératif »
redémarre ton PC en mode sans échec « Impératif »
tapote sur la touche F8 avant apparition du logo Microsoft, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec.
tu fais Double clique sur le raccourci de MalwareBytes qui est sur le bureau.
Clique sur onglet recherche et dans la nouvelle fenêtre coche « Examen complet »
et clique sur Rechercher
- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
- Si MalwareBytes n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
- Si MalwareBytes a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste moi ensuite ce rapport.
Si MalwareByte a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutoriel pour MalwareBytes ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
puis
fais moi une analyse en ligne avec BitDefender suis bien le tuto désactive tes protections résidentes et lance l'analyse en ligne puis poste moi aussi son rapport stp et réactive tes protections résidentes
car je penses aussi que ton infection est peut être dans le système de retauration
Télécharge et installe MalwareBytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Branche toutes tes sources de données sans les lancer (clefs usb,disque sexterne etc ..)
Fermer tout et renommer le nouveau fichier (mbam-setup.exe) en mb.exe pour faciliter son travail par rapport à certains malwares...
- Mets le à jour en cliquant sur onglet mise à jour « Impératif »
redémarre ton PC en mode sans échec « Impératif »
tapote sur la touche F8 avant apparition du logo Microsoft, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec.
tu fais Double clique sur le raccourci de MalwareBytes qui est sur le bureau.
Clique sur onglet recherche et dans la nouvelle fenêtre coche « Examen complet »
et clique sur Rechercher
- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
- Si MalwareBytes n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
- Si MalwareBytes a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste moi ensuite ce rapport.
Si MalwareByte a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutoriel pour MalwareBytes ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
-->Message édité par rubised le 31/10/2009 14:50:34<--
MissCoconut
le 01 novembre 2009 à 18h34
Ok.
Alors voilà le rapport de genproc:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:04, on 2009-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\program files\ksejoewiggf\wweqv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ksejoewiggf\wweqv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Edith Filion\Bureau\GenProc\outil\Edith Filion_GenProc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [retup] c:\program files\ksejoewiggf\wweqv.exe w
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [retup] C:\Program Files\Ksejoewiggf\wweqv.exe w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader(...)
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 24820 bytes
Je vais suivre tes instructions pour la suite.
Un gros merci pour ton aide rubised!
Alors voilà le rapport de genproc:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:04, on 2009-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\program files\ksejoewiggf\wweqv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ksejoewiggf\wweqv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Edith Filion\Bureau\GenProc\outil\Edith Filion_GenProc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [retup] c:\program files\ksejoewiggf\wweqv.exe w
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [retup] C:\Program Files\Ksejoewiggf\wweqv.exe w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader(...)
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F7C7BAE-FC26-4F4A-A986-FAD6E04BA194} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 24820 bytes
Je vais suivre tes instructions pour la suite.
Un gros merci pour ton aide rubised!
MissCoconut
le 01 novembre 2009 à 18h59
Voici le rapport de bitedefender:
BitDefender Online Scanner - Rapport virus en temps rel
Gnr : Sun, Nov 01, 2009 - 12:56:22
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scanns
1971
Infects Fichiers
0
Virus Dtects
Aucun virus trouvé.
BitDefender Online Scanner - Rapport virus en temps rel
Gnr : Sun, Nov 01, 2009 - 12:56:22
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scanns
1971
Infects Fichiers
0
Virus Dtects
Aucun virus trouvé.
MissCoconut
le 01 novembre 2009 à 19h00
Voici le rapport de bitedefender:
BitDefender Online Scanner - Rapport virus en temps rel
Gnr : Sun, Nov 01, 2009 - 12:56:22
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scanns
1971
Infects Fichiers
0
Virus Dtects
Aucun virus trouvé.
BitDefender Online Scanner - Rapport virus en temps rel
Gnr : Sun, Nov 01, 2009 - 12:56:22
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scanns
1971
Infects Fichiers
0
Virus Dtects
Aucun virus trouvé.
rubised
le 01 novembre 2009 à 23h34
ce n'est pas un rapport complet de bitdefender que tu me mets
et lance moi malwarebytes en suivant bien tout ce que te marque plus haut pour malwarebytes et poste moi son rapport stp
et lance moi malwarebytes en suivant bien tout ce que te marque plus haut pour malwarebytes et poste moi son rapport stp
PRODUITS
- Portables |
- PC |
- Moniteurs |
- Photo / Vidéo |
- T.V. |
- Audio |
- GPS |
- Stockage |
- Téléphonie |
- autres catégories
TÉLÉCHARGER - LOGICIELS
- Windows & logiciels |
- Bureautique |
- Développement |
- Internet |
- Jeux |
- Loisirs |
- Multimédia |
- Personnaliser son pc |
- Sécurité |
- Utilitaires |
- Logiciels Linux |
- logiciels Mac
JEUX VIDÉOS
- jeux PC |
- Xbox |
- Playstation |
- Wii |
- PSP |
- DS |
- Action |
- Aventure |
- MMORPG |
- Sports |
- Simulation |
- Enfant |
- Soluces et astuces
LOISIRS
01NET PRO
- Réseaux et Internet |
- Programmation et développement |
- Logiciels d'entreprise |
- Systèmes d'exploitation en entreprise |
- Sécurité en entreprise |
- Entreprenariat |
- Emploi |
- Services PRO |
- Matériel PRO
AVIS ET COMMENTAIRES
- Les actualités de 01net. |
- Avis sur les jeux vidéos |
- Avis sur les produits |
- Avis sur les logiciels |
A PROPOS DE 01NET
publicité
Messages des modérateurs
A lire aussi
PRODUITS
- Generic host process Win32 et conséquences
- Generic Host Process for Win32 Services
- Probleme de son Win32
TÉLÉCHARGER - LOGICIELS
- je ne retrouve pas Rootkit-Buster que j'ai installer(resolu)
- Win32:Rootkit-gen [Rtk]
- comment supprimer Win32:Rootkit-gen [Rtk]???
- Problème délicat [win32 rootkit-gen rtk] (Résolu)
- Win32:Rootkit-Gen [Rtk] - Help !!!
JEUX VIDÉOS
- application win32 non valide
- win32
- win32
- Consoles next gen et zones ...
- Consoles next gen et zones ...
LOISIRS
01NET PRO
AVIS ET COMMENTAIRES
- LCC Win32
- Safe'n'Sec + Rootkit Detector + Antispyware
- SanityCheck (ex- RootKit Hook Analyzer)
- Batman : Arkham Asylum, et si la vraie console next-gen était un PC ?
A PROPOS DE 01NET
 |
 |
> ChanceRoom
Découvrez la nouvelle Poker Room montante.
|
 |
||
L'ORDINATEUR INDIVIDUEL
Le mensuel informatique qui vous informe et vous conseille.
Nous contacter
|
Charte de confiance
|
Voir notice légale
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
Tous droits réservés © 1999 - 2009 Groupe 01 - 01net.