Se connecter / S'enregistrer
Votre question

Fenêtre Windows Security Alert - SOS! SVP

Tags :
  • Windows genuine advantage
  • Sécurité
Dernière réponse : dans Sécurité et virus
23 Novembre 2007 10:19:05

Bonjour à toutes et à tous,

J'ai grand besoin d'aide.
J'ai depuis peu, un message dans une fenêtre "Windows Security Alert":

Windows Security Alert : Warning! Potential Spyware Operation! your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click here to download spyware remover ...

Que dois je faire?

Quelqu'un peut il m'aider à éliminer ce virus, pour que je n'ai plus ce message qui réapparait toutes les 3 minutes?

Merci par avance,
Dans l'attente de vous lire

Autres pages sur : fenetre windows security alert sos svp

23 Novembre 2007 22:19:37

Bonsoir,

D'abord merci à toi chercheur_ pour t'occuper de moi et mon souci :) 

De plus, j'ai remarqué que je n'ai plus accès à mon panneau de configuration, ni au gestionnaire des tâches (alors que je suis l'administrateur de l'ordi!), j'ai des messages de Norton antivirus qui me disent qu'il a contré des attaques (je peux vous en faire le détail si vous voulez), l'ordinateur s'est un peu ralenti aussi.

Mon rapport HijackThis v2.0.2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:58, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\proper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ufdsvc.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\spools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PBC\Bureau\Problème virus au 231107 Merci Chercheur Infodunet\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: bw+0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol548.txt
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 24790 bytes

Merci pour ton action chercheur_
Contenus similaires
23 Novembre 2007 23:52:11



Merci pour ta rapidté:) 

Voilà le rapport mais je tiens à te dire que j'ai eu 6 fois de suite ce message:

Editeur du Registre
La modification de Registre a été désactivée par votre administrateur


Le rapport:

SmitFraudFix v2.253

Rapport fait à 23:47:10,28, 23/11/2007
Executé à partir de C:\Documents and Settings\PBC\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\proper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ufdsvc.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\spools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\bronto.dll PRESENT !
C:\WINDOWS\system32\proper.exe PRESENT !
C:\WINDOWS\system32\winter.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PBC


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PBC\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\PBC\MENUDM~1\PROGRA~1\DMARRA~1\infos.exe PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autos.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PBC\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\sol548.txt"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.198.2.51
DNS Server Search Order: 212.198.0.91

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.198.2.51
DNS Server Search Order: 212.198.0.91

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Merci pour ton action :) 
24 Novembre 2007 00:30:42

C'est ton infection qui provoque ce problème de registre.

* Télécharge
clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

CCleaner.
http://www.pcastuces.com/logitheque/ccleaner.htm
Installe le.
Décoche pendant l'installation
--- les deux cases "Ajouter l'option ... "
--- Contrôler les mises à jour
--- Ajouter la Barre d'Outils Yahoo! CCleaner


* Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.


* Lance CCleaner.
Clique sur Options, Avancé et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Coche ces cases dans Windows (Internet Explorer, Windows Explorer et Système) et dans Applications (toutes les cases).
Lance le nettoyage.


* Relance SmitfraudFix. Choisis cette fois l’option 2 et réponds oui à tout.


* Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Choisis l'option 2
Enregistre le rapport une fois le scan terminé


* Redémarre normalement et communique le deuxième rapport de SmitfraudFix, le rapport qui se trouve ici C:\rapport_clean.txt et un nouveau rapport Hijackthis.
24 Novembre 2007 08:39:40

chercheur_,


J'ai une question.

Quand je fais clique droit sur clean.zip (sur le bureau) J'ai 3 possibilités:
- Extraire les fichiers...
- Extraire ici
- Extraire vers clean\

Quel choix dois je prendre?

Désolé si mes questions sont stupides :( 

Merci pour tes lumières :) 
24 Novembre 2007 17:59:43

Re

Extraire vers Clean.
30 Novembre 2007 22:08:48

Bonsoir,

Désolé chercheur_, pour ce retard dans le traitement de mon problème mais n'étant pas une flêche en informatique, j'ai préféré y aller progressivement ("Qui va piano...")

Sâches que j'apprécie beaucoup l'aide que tu m'a apporté, que tu m'apportes, et que, j'espère tu vas continuer à m'apporter :) )

J'ai fait tout ce que tu m'as dis. J'ai plein de choses à dire. Je vais tâcher d'être concis.

Pendant l'execution de ce que tu m'as demandé, j'avais encore le message Windows Security Alert. En outre, j'ai avorté à plusieurs reprises le nettoyage du disque, processus que parraissait long et pas primordial) J'espère que j'ai bien fait.
D'autre part, pendant l'éxecution de CCleaner, j'ai eu une dizaine de fois le message suivant:

Editeur du Registre
La modification de Registre a été désactivée par votre administrateur

auquel j'ai fait OK, vu que je ne pouvais plus continuer le nettoyage sans.

Résultats: La fenêtre Windows Security Alert a disparue (bonne nouvelle) J'ai enfin accès au gestionnaire des tâches (re bonne nouvelle).
En revanche, Je n'ai toujours pas accès à mes panneaux de configuration et mon ordinateur "ronronne" bizarrement régulièrement (sans aucune raison apparente, pas de mises à jour en tâche de fond) Accesoirement, quand je lance mon ordinateur le ventilateur ne fonctionne plus à fond pendant 5 secs comme auparavant.

Parallèlement, mon antivirus Norton detecte réguliérement des attaques de virus ou de troyens, et je ne sais pas si c'est grave.

Voilà, j'ai tout dit (ou presque), je te confie les 3 rapports que tu m'as demandés.

Merci pour cette lecture et pour ton action (surtout pour récupérer les panneaux de configuration)

Bien à toi,

Cocagina


SmitFraudFix v2.253

Rapport fait à 21:35:17,78, 30/11/2007
Executé à partir de C:\Documents and Settings\PBC\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 avp.ch
192.168.200.3 avp.com
192.168.200.3 avp.ru
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 ca.com
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 customer.symantec.com
192.168.200.3 dispatch.mcafee.com
192.168.200.3 download.mcafee.com
192.168.200.3 downloads-us1.kaspersky-labs.com
192.168.200.3 downloads-us2.kaspersky-labs.com
192.168.200.3 downloads-us3.kaspersky-labs.com
192.168.200.3 downloads1.kaspersky-labs.com
192.168.200.3 downloads2.kaspersky-labs.com
192.168.200.3 downloads3.kaspersky-labs.com
192.168.200.3 downloads4.kaspersky-labs.com
192.168.200.3 engine.awaps.net
192.168.200.3 f-secure.com
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.downloads1.kaspersky-labs.com
192.168.200.3 ftp.downloads2.kaspersky-labs.com
192.168.200.3 ftp.downloads3.kaspersky-labs.com
192.168.200.3 ftp.f-secure.com
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 ftp.sophos.com
192.168.200.3 ids.kaspersky-labs.com
192.168.200.3 kaspersky-labs.com
192.168.200.3 kaspersky.com
192.168.200.3 liveupdate.symantec.com
192.168.200.3 liveupdate.symantecliveupdate.com
192.168.200.3 mast.mcafee.com
192.168.200.3 mcafee.com
192.168.200.3 media.fastclick.net
192.168.200.3 my-etrust.com
192.168.200.3 nai.com
192.168.200.3 networkassociates.com
192.168.200.3 norton.com
192.168.200.3 phx.corporate-ir.net
192.168.200.3 rads.mcafee.com
192.168.200.3 secure.nai.com
192.168.200.3 securityresponse.symantec.com
192.168.200.3 service1.symantec.com
192.168.200.3 sophos.com
192.168.200.3 spd.atdmt.com
192.168.200.3 symantec.com
192.168.200.3 trendmicro.com
192.168.200.3 update.symantec.com
192.168.200.3 updates.symantec.com
192.168.200.3 updates1.kaspersky-labs.com
192.168.200.3 updates2.kaspersky-labs.com
192.168.200.3 updates3.kaspersky-labs.com
192.168.200.3 updates4.kaspersky-labs.com
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 us.mcafee.com
192.168.200.3 vil.nai.com
192.168.200.3 viruslist.com
192.168.200.3 viruslist.ru
192.168.200.3 virusscan.jotti.org
192.168.200.3 virustotal.com
192.168.200.3 www.avp.ch
192.168.200.3 www.avp.com
192.168.200.3 www.avp.ru
192.168.200.3 www.awaps.net
192.168.200.3 www.ca.com
192.168.200.3 www.f-secure.com
192.168.200.3 www.fastclick.net
192.168.200.3 www.grisoft.com
192.168.200.3 www.kaspersky-labs.com
192.168.200.3 www.kaspersky.com
192.168.200.3 www.kaspersky.ru
192.168.200.3 www.mcafee.com
192.168.200.3 www.my-etrust.com
192.168.200.3 www.nai.com
192.168.200.3 www.networkassociates.com
192.168.200.3 www.sophos.com
192.168.200.3 www.symantec.com
192.168.200.3 www.symantec.com
192.168.200.3 www.trendmicro.com
192.168.200.3 www.viruslist.com
192.168.200.3 www.viruslist.ru
192.168.200.3 www.virustotal.com
192.168.200.3 www3.ca.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\bronto.dll supprimé
C:\WINDOWS\system32\proper.exe supprimé
C:\WINDOWS\system32\winter.exe supprimé
C:\DOCUME~1\PBC\MENUDM~1\PROGRA~1\DMARRA~1\infos.exe supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autos.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin













Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 30/11/2007 a 21:42:00,60

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de "C:\WINDOWS\Matrix Code.exe"

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !












Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:29, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\SecurityHistory\mcui32.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\PBC\Bureau\Problème virus au 231107 Merci Chercheur Infodunet\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: bw+0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol548.txt
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 24438 bytes
1 Décembre 2007 19:12:09

Bonsoir à tous,
Salutations chercheur_,

Si vous pouviez jeter un coup d'oeil sur mon souci, ce serait gentil à vous :) 

Car j'ai maintenant une fenêtre qui s'ouvre à chaque démarrage de ma session:

C:\wINDOWS\system32\proper.exe

Croix blanche sur rond rouge

Windows ne trouve pas 'C:\wINDOWS\system32\proper.exe'. Vérifiez que vous avez entré le nom correctement et essayez à nouveau. Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sr Rechercher.

Bouton OK

Et je n'ai toujours pas accès à mon panneau de configuration.

Espérant vous lire rapidement, s'il vous plaît.

Merci encore pour votre aide.
3 Décembre 2007 04:27:45

Bonjour!

Merci pour votre prompte conseils et actions à entreprendre s'il vous plait.

Bonne journée.
4 Décembre 2007 18:20:23

Bonsoir,

Personne veut m'aider?
5 Décembre 2007 21:23:42

Bonjour


Je n'ai pas vu le drapeau signalant que tu répondais.
Tu as bien fais de me prévenir par MP.


Relances Smitfraudfix et choisis l'option 4 pour faire une mise à jour.

Ensuite, tu refais un scan option 1 pour un nouveau scan.
6 Décembre 2007 08:11:42

Bonjour,

Merci pour ton suivi et actions à entreprendre.
Je sais pas pour le drapeau, comment ca marche.

La MAJ de Smitfraud a été correctement faite. Mais j'ai dû (comme précedemment) fermé 6 fois de suite la fenêtre:

Editeur du Registre
La modification de Registre a été désactivée par votre
administrateur

Voici tout de même le rapport:

SmitFraudFix v2.258

Rapport fait à 8:03:35,32, 06/12/2007
Executé à partir de C:\Documents and Settings\PBC\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PBC


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PBC\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PBC\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\sol548.txt"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.198.2.51
DNS Server Search Order: 212.198.0.91

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.198.2.51
DNS Server Search Order: 212.198.0.91

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




Merci encore pour tes prochains conseils et actions car sans mes panneaux de configuration, c'est pas évident :( 

Bonne journée.
6 Décembre 2007 22:01:00

Bien.


Redémarre en mode sans échec et fais le scan option 2.

Redémarre normalement.


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis et le deuxième rapport de Smitfraudfix.
8 Décembre 2007 23:36:17

Bonsoir chercheur_,

Une bonne nouvelle: panneau de configuration revenu! :) 

Un bémol: l'ordinateur semble plus lent (ouverture des fenêtres internet etc) Il "ronronne" (travaille, utilisation du cpu) aussi sans raison, bizarrement, surtout juste après le démarrage. Le fond du bureau est parti (mais je l'ai remis)


Je te mets les 3 rapports dans l'ordre demandé, bonne lecture.



ComboFix 07-12-07.3 - PBC 2007-12-08 8:08:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.137 [GMT 1:00]
Running from: C:\Documents and Settings\PBC\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF
-------\runtime


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-01 20:09 . 2007-12-01 20:09 <REP> d-------- C:\Program Files\Lavasoft
2007-12-01 20:09 . 2007-12-01 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-30 15:25 . 2007-11-30 15:35 800 --a------ C:\WINDOWS\system32\5006.lps
2007-11-26 10:04 . 2007-12-07 03:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-26 10:04 . 2007-11-26 10:04 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-23 08:57 . 2007-12-08 08:02 291,328 --a------ C:\WINDOWS\system32\libcurl.dll
2007-11-11 12:30 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-10 19:30 . 2007-11-10 19:30 <REP> d-------- C:\Program Files\Makayama Interactive
2007-11-10 19:30 . 2004-02-05 20:53 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2007-11-10 19:30 . 2004-11-01 12:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx
2007-11-10 17:38 . 2007-11-10 17:38 22,328 --a------ C:\Documents and Settings\PBC\Application Data\PnkBstrK.sys
2007-11-10 17:37 . 2007-11-10 17:37 319 --a------ C:\WINDOWS\game.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 04:28 --------- d-----w C:\Documents and Settings\PBC\Application Data\Xfire
2007-12-08 04:17 --------- d-s---w C:\Program Files\Xfire
2007-12-08 00:51 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-07 05:01 --------- d-----w C:\Program Files\Call of Duty
2007-12-07 04:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-01 19:14 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-01 19:14 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-01 19:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-01 19:07 --------- d-----w C:\Documents and Settings\PBC\Application Data\Lavasoft
2007-12-01 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 07:31 97,252 ----a-w C:\Documents and Settings\PBC\Application Data\wklnhst.dat
2007-11-24 05:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 01:36 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-10 16:24 --------- d-----w C:\Program Files\Activision
2007-11-07 16:29 --------- d-----w C:\Documents and Settings\MSS\Application Data\ATI
2007-11-07 16:28 --------- d-----w C:\Documents and Settings\MSS\Application Data\Dossier de téléchargement Share-to-Web
2007-11-07 15:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Creative
2007-11-07 14:31 --------- d-----w C:\Documents and Settings\MSS\Application Data\Sonic
2007-11-07 14:31 --------- d-----w C:\Documents and Settings\MSS\Application Data\Leadertech
2007-11-07 12:35 --------- d-----w C:\Documents and Settings\MSS\Application Data\InterVideo
2007-11-07 12:32 --------- d-----w C:\Documents and Settings\MSS\Application Data\Dossier de téléchargement Share-to-Web
2007-10-26 19:25 --------- d-----w C:\Documents and Settings\PBC\Application Data\Skype
2007-10-20 00:43 --------- d-----w C:\Program Files\DivX
2007-10-18 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 18:21 --------- d-----w C:\Program Files\Trojan Remover
2007-10-10 19:41 --------- d-----w C:\Program Files\dominions3
2007-06-23 22:29 71,906 ----a-w C:\Documents and Settings\PBC\call.exe
2007-06-23 22:29 240,046 ----a-w C:\Documents and Settings\PBC\services.exe
2007-05-10 09:37 21,638 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-05-10 01:28 68,360 ----a-w C:\Documents and Settings\PBC\Application Data\GDIPFONTCACHEV1.DAT
2005-02-04 18:25 68,744 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2005-01-31 03:58 251 -c--a-w C:\Program Files\wt3d.ini
2005-02-18 19:21 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-02-07 05:54 56 --sh--r C:\WINDOWS\system32\743449A9FB.sys
2006-10-12 06:38 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe" [2004-01-01 10:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 23:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 11:04]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:19]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23]
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-29 20:17]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
"CTHelper"="CTHELPER.EXE" [2003-11-14 01:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-13 13:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 02:13 C:\WINDOWS\MIDIDEF.EXE]
"StartMS"="C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 13:54]
"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 01:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PBC^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\PBC\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-07-03 00:23 36864 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\pando.exe /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAP]
C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-12 23:06 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless SoftAP]
C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe /M

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 PCTWPASV;SoftAP WPA Authenticator Service;"C:\Program Files\Arcadyan Wireless\pctwpasv.exe"
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 DTVFW;DVB-T USB adapter firmware;C:\WINDOWS\system32\DRIVERS\dtvfw.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 usbdtv;DVB-T TV Tuner;C:\WINDOWS\system32\Drivers\usbdtv.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2006-05-22 08:47:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
"2007-12-03 19:02:20 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - PBC.job"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 08:26:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 8:29:42 - machine was rebooted
.
--- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:05, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Documents and Settings\PBC\Bureau\Problème virus au 231107 Merci Chercheur Infodunet\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: bw+0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 24135 bytes




SmitFraudFix v2.258

Rapport fait à 7:47:09,70, 08/12/2007
Executé à partir de C:\Documents and Settings\PBC\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 avp.ch
192.168.200.3 avp.com
192.168.200.3 avp.ru
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 ca.com
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 customer.symantec.com
192.168.200.3 dispatch.mcafee.com
192.168.200.3 download.mcafee.com
192.168.200.3 downloads-us1.kaspersky-labs.com
192.168.200.3 downloads-us2.kaspersky-labs.com
192.168.200.3 downloads-us3.kaspersky-labs.com
192.168.200.3 downloads1.kaspersky-labs.com
192.168.200.3 downloads2.kaspersky-labs.com
192.168.200.3 downloads3.kaspersky-labs.com
192.168.200.3 downloads4.kaspersky-labs.com
192.168.200.3 engine.awaps.net
192.168.200.3 f-secure.com
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.downloads1.kaspersky-labs.com
192.168.200.3 ftp.downloads2.kaspersky-labs.com
192.168.200.3 ftp.downloads3.kaspersky-labs.com
192.168.200.3 ftp.f-secure.com
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 ftp.sophos.com
192.168.200.3 ids.kaspersky-labs.com
192.168.200.3 kaspersky-labs.com
192.168.200.3 kaspersky.com
192.168.200.3 liveupdate.symantec.com
192.168.200.3 liveupdate.symantecliveupdate.com
192.168.200.3 mast.mcafee.com
192.168.200.3 mcafee.com
192.168.200.3 media.fastclick.net
192.168.200.3 my-etrust.com
192.168.200.3 nai.com
192.168.200.3 networkassociates.com
192.168.200.3 norton.com
192.168.200.3 phx.corporate-ir.net
192.168.200.3 rads.mcafee.com
192.168.200.3 secure.nai.com
192.168.200.3 securityresponse.symantec.com
192.168.200.3 service1.symantec.com
192.168.200.3 sophos.com
192.168.200.3 spd.atdmt.com
192.168.200.3 symantec.com
192.168.200.3 trendmicro.com
192.168.200.3 update.symantec.com
192.168.200.3 updates.symantec.com
192.168.200.3 updates1.kaspersky-labs.com
192.168.200.3 updates2.kaspersky-labs.com
192.168.200.3 updates3.kaspersky-labs.com
192.168.200.3 updates4.kaspersky-labs.com
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 us.mcafee.com
192.168.200.3 vil.nai.com
192.168.200.3 viruslist.com
192.168.200.3 viruslist.ru
192.168.200.3 virusscan.jotti.org
192.168.200.3 virustotal.com
192.168.200.3 www.avp.ch
192.168.200.3 www.avp.com
192.168.200.3 www.avp.ru
192.168.200.3 www.awaps.net
192.168.200.3 www.ca.com
192.168.200.3 www.f-secure.com
192.168.200.3 www.fastclick.net
192.168.200.3 www.grisoft.com
192.168.200.3 www.kaspersky-labs.com
192.168.200.3 www.kaspersky.com
192.168.200.3 www.kaspersky.ru
192.168.200.3 www.mcafee.com
192.168.200.3 www.my-etrust.com
192.168.200.3 www.nai.com
192.168.200.3 www.networkassociates.com
192.168.200.3 www.sophos.com
192.168.200.3 www.symantec.com
192.168.200.3 www.symantec.com
192.168.200.3 www.trendmicro.com
192.168.200.3 www.viruslist.com
192.168.200.3 www.viruslist.ru
192.168.200.3 www.virustotal.com
192.168.200.3 www3.ca.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C4085863-532A-49E3-B63C-D7A768B52AEA}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E81FA634-4E5C-4A73-BBD6-BCDC67821625}: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.198.2.51 212.198.0.91


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin






Merci pour ton aide d'expert et les futures actions à entreprendre.
9 Décembre 2007 19:31:08

Bonjour


Relance un scan HijackThis et coche les lignes ci-dessous :

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/ [...] NPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/g [...] ection.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bw+0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {98A85ABE-FB73-406D-9B3B-B1DC2344AFD7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge R-Hosts
http://siri.urz.free.fr/RHosts.php
Installe le sur le Bureau.
Lance le. Clique sur Restaurer.
Confirme.
Ferme le programme.


Copie (Ctrl+C) le texte ci-dessous :

File::
C:\WINDOWS\system32\WinAvXX.exe
C:\Documents and Settings\PBC\call.exe
C:\Documents and Settings\PBC\services.exe
C:\WINDOWS\system32\5006.lps

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt



Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
10 Décembre 2007 10:12:51

Bonjour!

Question stupide, je dois le faire en mode sans echec (je veux etre sur)
Bonne journée.
10 Décembre 2007 14:04:32

Non, en mode normal ;) 
11 Décembre 2007 12:09:05

Bonjour chercheur_,

Voilà je viens de tout faire ce que tu m'as dit.

J'ai eu un peu peur car après je n'avais plus internet.
J'ai relancé et tout est redevenu normal :) 

J'ai remarqué que je n'avais plus en icone l'auto protect de Norton (mais il semble être en tâche de fond)

Que puis je faire de plus?

Sinon, je te poste le rapport Combofix demandé.

Merci encore pour ton aide et suivi.


ComboFix 07-12-07.3 - PBC 2007-12-11 11:40:04.2 - NTFSx86
Running from: C:\Documents and Settings\PBC\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\PBC\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\PBC\call.exe
C:\Documents and Settings\PBC\services.exe
C:\WINDOWS\system32\5006.lps
C:\WINDOWS\system32\WinAvXX.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\PBC\call.exe
C:\Documents and Settings\PBC\services.exe
C:\WINDOWS\system32\5006.lps

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.

2007-12-01 20:09 . 2007-12-01 20:09 <REP> d-------- C:\Program Files\Lavasoft
2007-12-01 20:09 . 2007-12-01 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 10:04 . 2007-12-07 03:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-26 10:04 . 2007-11-26 10:04 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-23 08:57 . 2007-12-08 08:02 291,328 --a------ C:\WINDOWS\system32\libcurl.dll
2007-11-11 12:30 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 10:47 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-11 04:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-11 04:05 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-11 02:57 97,000 ----a-w C:\Documents and Settings\PBC\Application Data\wklnhst.dat
2007-12-11 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-09 00:34 --------- d-----w C:\Documents and Settings\PBC\Application Data\Xfire
2007-12-08 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 06:48 4,658 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-08 04:17 --------- d-s---w C:\Program Files\Xfire
2007-12-07 05:01 --------- d-----w C:\Program Files\Call of Duty
2007-12-01 19:14 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-01 19:14 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-01 19:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-01 19:07 --------- d-----w C:\Documents and Settings\PBC\Application Data\Lavasoft
2007-12-01 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 01:36 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-10 18:30 --------- d-----w C:\Program Files\Makayama Interactive
2007-11-10 16:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-10 16:38 22,328 ----a-w C:\Documents and Settings\PBC\Application Data\PnkBstrK.sys
2007-11-10 16:24 --------- d-----w C:\Program Files\Activision
2007-11-07 16:29 --------- d-----w C:\Documents and Settings\MSS\Application Data\ATI
2007-11-07 16:28 --------- d-----w C:\Documents and Settings\MSS\Application Data\Dossier de téléchargement Share-to-Web
2007-11-07 15:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Creative
2007-11-07 14:31 --------- d-----w C:\Documents and Settings\MSS\Application Data\Sonic
2007-11-07 14:31 --------- d-----w C:\Documents and Settings\MSS\Application Data\Leadertech
2007-11-07 12:35 --------- d-----w C:\Documents and Settings\MSS\Application Data\InterVideo
2007-11-07 12:32 --------- d-----w C:\Documents and Settings\MSS\Application Data\Dossier de téléchargement Share-to-Web
2007-10-26 19:25 --------- d-----w C:\Documents and Settings\PBC\Application Data\Skype
2007-10-20 00:43 --------- d-----w C:\Program Files\DivX
2007-10-18 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 18:21 --------- d-----w C:\Program Files\Trojan Remover
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-10-02 14:44 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2007-10-01 11:05 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-09-20 19:47 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-10 09:37 21,638 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-05-10 01:28 68,360 ----a-w C:\Documents and Settings\PBC\Application Data\GDIPFONTCACHEV1.DAT
2005-02-04 18:25 68,744 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2005-01-31 03:58 251 -c--a-w C:\Program Files\wt3d.ini
2005-02-18 19:21 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-02-07 05:54 56 --sh--r C:\WINDOWS\system32\743449A9FB.sys
2006-10-12 06:38 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-08_ 8.28.50.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-08 08:02:13 10,134 ----a-r C:\WINDOWS\Installer\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\ARPPRODUCTICON.exe
- 2007-05-29 11:55:35 22,112 ----a-r C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2007-05-29 12:55:35 22,112 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe" [2004-01-01 10:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 23:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 11:04]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:19]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23]
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 C:\WINDOWS\KHALMNPR.Exe]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
"CTHelper"="CTHELPER.EXE" [2003-11-14 01:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 02:13 C:\WINDOWS\MIDIDEF.EXE]
"StartMS"="C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 13:54]
"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 01:00]

C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PBC^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\PBC\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-07-03 00:23 36864 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\pando.exe /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAP]
C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-12 23:06 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless SoftAP]
C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe /M

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 PCTWPASV;SoftAP WPA Authenticator Service;"C:\Program Files\Arcadyan Wireless\pctwpasv.exe"
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 DTVFW;DVB-T USB adapter firmware;C:\WINDOWS\system32\DRIVERS\dtvfw.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 usbdtv;DVB-T TV Tuner;C:\WINDOWS\system32\Drivers\usbdtv.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PNKBSTRK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-05-22 08:47:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2007-12-03 19:02:20 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - PBC.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 11:47:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 11:48:30
C:\ComboFix2.txt ... 2007-12-08 08:29
.
--- E O F ---

11 Décembre 2007 13:13:31

Re

Je ne sais pas pour l'icône.

Regarde dans les options de Norton.


Poste un nouveau rapport Hijackthis pour contrôle.
13 Décembre 2007 08:22:53

Bonjour chercheur_!

C'est bon, l'icône est revenue :) 

Je te mets le rapport Hijack, pour contrôle.

Merci encore pour ta grande aide, ton expertise, tes conseils (même si j'ai pas tout compris ce que je faisais) et ton suivi tres réactif.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:22:18, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\PBC\Bureau\Problème virus au 231107 Merci Chercheur Infodunet\HiJackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [StartMS] "C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 10996 bytes
28 Décembre 2007 10:01:00

Bonjour!

Désolé pour le retard concernant mes nouvelles. :sleep: 

Globalement, l'ordinateur semble ne plus être infécté même si je perds régulièrement mes barres d'outils Msn et Google quand je surfe (je ne sais pas pourquoi?! :??:  )
De plus, j'ai un message de mon antivirus Norton qui m'indique qu'il est en train de traiter une menace: downloader.
En farfouillant dans l'antivirus, je remarque que le problème serait localisé sur la racine du disque dur dans un répertoire appelé qoobox (je ne sais pas d'où il vient)
Y a t'il une manipulation à faire pour s'en prémunir et savez vous à quoi correspond ce répertoire?

En outre, Voilà je voulais profiter d'un peu de temps pendant ces fêtes de fin d'année pour te remercier chercheur_ pour toute l'aide rapide et éfficace que tu m'as apporté. :wahoo: 

Pour info, je n'ai pas encore passer l'antivirus online Kapersky mais je vais m'y atteler dès que possible. :sol: 

Un grand merci encore à toi ;) 

Passe de bonnes fêtes :) 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS