Se connecter / S'enregistrer
Votre question

Avast!!! Trop de messages envoyé en faible intervalle

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
20 Février 2008 16:08:54

Bonjour,

J'ai un problème avec mon pc, chaque fois que je me connecte sur internet beaucoup de fenêtre Avast s'affiche avec le teste "trop de message envoyé en faible intervalle!

Je pense que je dois avoir un virus, j'ai fait un scan avec Avast AD-aware. Il nettoye des fichiers mais le problème est toujours présent.

Merci de votre aide, j'ai remarqué sur des autres discussion que vous vouliez le fichier log.

Voici le fichier log avec HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:39, on 20.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [scmdvgbtovcj] C:\WINDOWS\system32\scmdvgbtovcj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-796845957-838170752-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Sabrina')
O4 - HKUS\S-1-5-21-796845957-838170752-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Sabrina')
O4 - HKUS\S-1-5-21-796845957-838170752-725345543-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Sabrina')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://de.bluewin.ch/services/security_checker/fscax.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} (LNCActiveX Control) - http://www.micro-web.co.kr/LNetCam.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Print Spooler Service (o0a78ieioj) - Unknown owner - C:\WINDOWS\system32\scmdvgbtovcj.exe

--
End of file - 12989 bytes

Autres pages sur : avast messages envoye faible intervalle

20 Février 2008 16:10:59

Salut,

Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
20 Février 2008 16:22:04

Voici le rapport merci beaucoup

ComboFix 08-02-20.2 - Rosario 2008-02-20 16:18:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.41.1036.18.341 [GMT 1:00]
Endroit: C:\Documents and Settings\Rosario\Local Settings\Temporary Internet Files\Content.IE5\V9QXKQ5F\ComboFix[1].exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

2008-02-20 14:37 . 2008-02-20 16:07 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\skypePM
2008-02-20 13:25 . 2008-02-20 13:25 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 12:38 . 2008-02-17 12:38 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-02-17 12:38 . 2008-02-20 16:07 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\skypePM
2008-02-17 12:38 . 2008-02-17 12:38 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-17 12:33 . 2008-02-17 12:33 <REP> d-------- C:\fsaua.data
2008-02-13 11:59 . 2008-02-13 11:59 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Grisoft
2008-02-12 20:00 . 2008-02-12 20:00 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\Grisoft
2008-02-12 20:00 . 2008-02-12 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 20:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 18:38 . 2008-02-12 18:38 <REP> d-------- C:\Program Files\Lavasoft
2008-02-12 18:38 . 2008-02-12 18:38 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-12 18:38 . 2008-02-12 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 20:51 . 2008-02-07 20:53 114,688 --a------ C:\WINDOWS\system32\scmdvgbtovcj.exe
2008-01-29 22:32 . 2008-01-29 22:47 111,292 --a------ C:\WINDOWS\hpqins13.dat
2008-01-29 21:11 . 2008-01-29 21:11 <REP> d-------- C:\Documents and Settings\Rosario\dvbern-tax
2008-01-29 20:50 . 2008-01-29 20:50 <REP> d-------- C:\Documents and Settings\Rosario\GeTax2007
2008-01-29 20:47 . 2008-01-29 20:48 <REP> d--h----- C:\Program Files\Zero G Registry
2008-01-29 20:47 . 2008-01-29 20:50 <REP> d-------- C:\Program Files\GeTaxPP2007
2008-01-29 20:47 . 2008-01-29 20:47 <REP> d--h----- C:\Documents and Settings\Rosario\InstallAnywhere
2008-01-27 18:57 . 2008-01-27 18:57 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\HPAppData
2008-01-27 00:27 . 2008-01-27 00:27 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\HP
2008-01-27 00:20 . 2008-01-27 00:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-27 00:19 . 2008-01-27 00:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-27 00:18 . 2007-05-02 09:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-01-27 00:18 . 2007-05-02 10:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-01-27 00:18 . 2007-03-08 05:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-01-27 00:18 . 2007-03-08 05:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-01-27 00:18 . 2007-05-02 10:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-01-27 00:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-01-27 00:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-27 00:15 . 2008-02-08 17:44 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\HPAppData
2008-01-27 00:15 . 2008-01-27 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-27 00:13 . 2008-01-27 00:13 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-01-27 00:13 . 2008-01-27 00:13 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-01-27 00:13 . 2008-01-27 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-27 00:13 . 2008-01-27 00:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-27 00:12 . 2008-01-27 00:12 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-27 00:11 . 2008-01-27 00:15 <REP> d-------- C:\Program Files\HP
2008-01-27 00:11 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-27 00:11 . 2004-08-04 08:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-27 00:10 . 2008-01-27 00:20 166,753 --a------ C:\WINDOWS\hpoins21.dat
2008-01-27 00:10 . 2007-09-05 19:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-01-22 23:24 . 2008-01-22 23:24 <REP> d-------- C:\Program Files\Media Player Classic
2008-01-22 23:24 . 2008-01-22 23:24 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\Media Player Classic
2008-01-22 12:19 . 2008-01-22 12:20 <REP> d-------- C:\Mariage 2008
2008-01-22 09:51 . 2008-01-22 09:51 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\Software
2008-01-22 09:51 . 2008-01-22 09:51 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CLSID
2008-01-22 09:45 . 2008-01-22 09:45 <REP> d-------- C:\Program Files\Micro Application
2008-01-22 09:45 . 2008-01-22 09:45 <REP> d-------- C:\Program Files\Fichiers communs\Micro Application Shared
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\WINDOWS\Sun
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\Program Files\Realtek AC97
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\Program Files\Okoker MP3 Splitter
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\Program Files\Motive
2008-01-21 18:01 . 2008-01-21 18:01 <REP> d-------- C:\Program Files\test
2008-01-21 17:42 . 2008-01-21 18:01 <REP> d-------- C:\Program Files\MSN Apps(2)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 14:59 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Skype
2008-02-20 14:52 --------- d-----w C:\Documents and Settings\Rosario\Application Data\Skype
2008-02-20 13:39 --------- d-----w C:\Program Files\eMule
2008-02-20 13:20 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-02-20 13:20 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-17 11:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-22 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 17:13 --------- d-----w C:\Program Files\Java
2008-01-21 17:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-21 17:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-21 17:03 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-21 17:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-19 11:55 --------- d-----w C:\Program Files\Google
2008-01-18 16:55 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Thinstall
2008-01-17 22:24 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Leadertech
2008-01-17 16:28 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Media Player Classic
2008-01-10 16:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-06 11:45 --------- d-----w C:\Program Files\Windows Live
2008-01-06 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-10-11 21:45 19,000 ----a-w C:\Documents and Settings\Rosario\Application Data\GDIPFONTCACHEV1.DAT
2007-07-02 20:15 17,920 ----a-w C:\Documents and Settings\Sabrina\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-10 17:54 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 07:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 22:42 577536 C:\WINDOWS\soundman.exe]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2007-01-23 14:44 101136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Logitech BT Wizard"="LBTWiz.exe" []
"Motive SmartBridge"="C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe" [2005-09-13 08:57 401408]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"scmdvgbtovcj"="C:\WINDOWS\system32\scmdvgbtovcj.exe" [2008-02-07 20:53 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\Rosario\Menu D‚marrer\Programmes\D‚marrage\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [2007-05-07 13:55:38 625664]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 21:37:20 561213]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-01-30 01:15 65536 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-20 00:10]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-10-25 18:10]
S2 o0a78ieioj;Print Spooler Service;C:\WINDOWS\system32\scmdvgbtovcj.exe [2008-02-07 20:53]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-20 14:59:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 16:20:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
Temps d'accomplissement: 2008-02-20 16:21:31
ComboFix-quarantined-files.txt 2008-02-20 15:21:21
.
2008-02-13 22:27:49 --- E O F ---
Contenus similaires
20 Février 2008 16:48:40

Re,

Copie le texte se situant dans le cadre ci-dessous :

Driver::
o0a78ieioj
lvuvc.hs
Lvckapp

File::
C:\WINDOWS\system32\scmdvgbtovcj.exe
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\drivers\logiflt.iad

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"scmdvgbtovcj"=-


Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
21 Février 2008 10:54:50

Salut!

Je viens de recevoir un mail que mon fournisseur va bientôt me couper mon accès car j'envoie trop de virus...

Pour ton info j'ai fait ce que tu m'as dis et le pc va mieux. Voici le rapport de Combofix.txt

ComboFix 08-02-21 - Rosario 2008-02-21 9:56:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.375 [GMT 1:00]
Endroit: C:\Documents and Settings\Rosario\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rosario\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\drivers\logiflt.iad
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\scmdvgbtovcj.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\logiflt.iad
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\scmdvgbtovcj.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_O0A78IEIOJ
-------\o0a78ieioj


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.

2008-02-20 14:37 . 2008-02-20 16:07 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\skypePM
2008-02-20 13:25 . 2008-02-20 13:25 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 12:38 . 2008-02-17 12:38 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-02-17 12:38 . 2008-02-21 09:44 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\skypePM
2008-02-17 12:38 . 2008-02-17 12:38 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-17 12:33 . 2008-02-17 12:33 <REP> d-------- C:\fsaua.data
2008-02-13 11:59 . 2008-02-13 11:59 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Grisoft
2008-02-12 20:00 . 2008-02-12 20:00 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\Grisoft
2008-02-12 20:00 . 2008-02-12 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 20:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 18:38 . 2008-02-12 18:38 <REP> d-------- C:\Program Files\Lavasoft
2008-02-12 18:38 . 2008-02-12 18:38 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-12 18:38 . 2008-02-12 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 22:32 . 2008-01-29 22:47 111,292 --a------ C:\WINDOWS\hpqins13.dat
2008-01-29 21:11 . 2008-01-29 21:11 <REP> d-------- C:\Documents and Settings\Rosario\dvbern-tax
2008-01-29 20:50 . 2008-01-29 20:50 <REP> d-------- C:\Documents and Settings\Rosario\GeTax2007
2008-01-29 20:47 . 2008-01-29 20:48 <REP> d--h----- C:\Program Files\Zero G Registry
2008-01-29 20:47 . 2008-01-29 20:50 <REP> d-------- C:\Program Files\GeTaxPP2007
2008-01-29 20:47 . 2008-01-29 20:47 <REP> d--h----- C:\Documents and Settings\Rosario\InstallAnywhere
2008-01-27 18:57 . 2008-01-27 18:57 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\HPAppData
2008-01-27 00:27 . 2008-01-27 00:27 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\HP
2008-01-27 00:20 . 2008-01-27 00:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-27 00:19 . 2008-01-27 00:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-27 00:18 . 2007-05-02 09:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-01-27 00:18 . 2007-05-02 10:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-01-27 00:18 . 2007-03-08 05:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-01-27 00:18 . 2007-03-08 05:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-01-27 00:18 . 2007-05-02 10:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-01-27 00:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-01-27 00:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-27 00:15 . 2008-02-21 09:49 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\HPAppData
2008-01-27 00:15 . 2008-01-27 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-27 00:13 . 2008-01-27 00:13 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-01-27 00:13 . 2008-01-27 00:13 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-01-27 00:13 . 2008-01-27 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-27 00:13 . 2008-01-27 00:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-27 00:12 . 2008-01-27 00:12 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-27 00:11 . 2008-01-27 00:15 <REP> d-------- C:\Program Files\HP
2008-01-27 00:11 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-27 00:11 . 2004-08-04 08:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-27 00:10 . 2008-01-27 00:20 166,753 --a------ C:\WINDOWS\hpoins21.dat
2008-01-27 00:10 . 2007-09-05 19:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-01-22 23:24 . 2008-01-22 23:24 <REP> d-------- C:\Program Files\Media Player Classic
2008-01-22 23:24 . 2008-01-22 23:24 <REP> d-------- C:\Documents and Settings\Rosario\Application Data\Media Player Classic
2008-01-22 12:19 . 2008-01-22 12:20 <REP> d-------- C:\Mariage 2008
2008-01-22 09:51 . 2008-01-22 09:51 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\Software
2008-01-22 09:51 . 2008-01-22 09:51 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CLSID
2008-01-22 09:45 . 2008-01-22 09:45 <REP> d-------- C:\Program Files\Micro Application
2008-01-22 09:45 . 2008-01-22 09:45 <REP> d-------- C:\Program Files\Fichiers communs\Micro Application Shared
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\WINDOWS\Sun
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\Program Files\Realtek AC97
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\Program Files\Okoker MP3 Splitter
2008-01-21 18:05 . 2008-01-21 18:05 <REP> d-------- C:\Program Files\Motive
2008-01-21 18:01 . 2008-01-21 18:01 <REP> d-------- C:\Program Files\test
2008-01-21 17:42 . 2008-01-21 18:01 <REP> d-------- C:\Program Files\MSN Apps(2)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 08:54 --------- d-----w C:\Documents and Settings\Rosario\Application Data\Skype
2008-02-20 15:59 --------- d-----w C:\Program Files\eMule
2008-02-20 14:59 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Skype
2008-02-17 11:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-22 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 17:13 --------- d-----w C:\Program Files\Java
2008-01-21 17:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-21 17:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-21 17:03 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-21 17:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-19 11:55 --------- d-----w C:\Program Files\Google
2008-01-18 16:55 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Thinstall
2008-01-17 22:24 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Leadertech
2008-01-17 16:28 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Media Player Classic
2008-01-10 16:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-06 11:45 --------- d-----w C:\Program Files\Windows Live
2008-01-06 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-11 21:45 19,000 ----a-w C:\Documents and Settings\Rosario\Application Data\GDIPFONTCACHEV1.DAT
2007-07-02 20:15 17,920 ----a-w C:\Documents and Settings\Sabrina\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-10 17:54 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 07:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 22:42 577536 C:\WINDOWS\soundman.exe]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2007-01-23 14:44 101136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Logitech BT Wizard"="LBTWiz.exe" []
"Motive SmartBridge"="C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe" [2005-09-13 08:57 401408]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"scmdvgbtovcj"="C:\WINDOWS\system32\scmdvgbtovcj.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-01-30 01:15 65536 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-20 00:10]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-10-25 18:10]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-21 08:59:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"


Voici le rapport de HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53, on 2008-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [scmdvgbtovcj] C:\WINDOWS\system32\scmdvgbtovcj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://de.bluewin.ch/services/security_checker/fscax.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} (LNCActiveX Control) - http://www.micro-web.co.kr/LNetCam.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 12273 bytes
21 Février 2008 13:39:18

Re,

Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunServices: [scmdvgbtovcj] C:\WINDOWS\system32\scmdvgbtovcj.exe

Puis Fix Checked !

**********

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
Le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

********

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.

*********

21 Février 2008 18:43:15

Voici le rapport

Merci beacoup!


AntiVir PersonalEdition Classic
Report file date: 2008-02-21 18:00

Scanning for 1119196 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PRIV-YUW22L6M0X

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 17:00:08
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 17:00:08
ANTIVIR3.VDF : 7.0.2.174 318464 Bytes 2008-02-21 17:00:08
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-21 17:00:08
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-21 17:00:08
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-21 18:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'hpswp_clipbook.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'QuickHelpAlert.exe' - '1' Module(s) have been scanned
Scan process 'LBTWiz.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'LBTSERV.EXE' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_PRIV-YUW22L6M0X.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/WINDOWS/system32/scmdvgbtovcj.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.114688.3
[INFO] The file was deleted!
C:\Documents and Settings\Sabrina\Mes documents\Mes fichiers reçus\d506zf711i.zip
[0] Archive type: ZIP
--> pic-342.JPeG-salentinadoc@hotmail.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.114688.3
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\scmdvgbtovcj.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.114688.3
[INFO] The file was deleted!
C:\System Volume Information\_restore{D64136B6-5531-4792-B7ED-AE74C5F5DA3E}\RP278\A0027217.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was deleted!
C:\System Volume Information\_restore{D64136B6-5531-4792-B7ED-AE74C5F5DA3E}\RP288\A0034514.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was deleted!
C:\System Volume Information\_restore{D64136B6-5531-4792-B7ED-AE74C5F5DA3E}\RP309\A0044982.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.114688.3
[INFO] The file was deleted!


End of the scan: 2008-02-21 18:38
Used time: 37:30 min

The scan has been done completely.

5446 Scanning directories
176393 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
176387 Files not concerned
1023 Archives were scanned
1 Warnings
4 Notes

Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS