Internet Explorer pop-up windows

Closed
rootzy - 4 Jan. 2009 at 21:35
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 - 1 Feb. 2009 at 18:53
Hello,

For a few days now I've had ad windows opening whenever I launch Internet Explorer. They're casino or travel-agency windows and plenty of others (but no porn, I want to make that clear).

And Avast keeps activating its network shield, but the windows open anyway.

I found a post on the site that seems to solve my problem ( http://www.commentcamarche.net/forum/affich 2655476 fenetre intempestive internet explorer ) but I don't know whether it applies to my situation, and in any case it asks for a program that is no longer available (BlackLight).

So can someone give me a hand please.

I'm attaching a HijackThis log.

Thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:52, on 04/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\avast\aswUpdSv.exe
F:\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
F:\avast\ashMaiSv.exe
F:\avast\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
F:\mp3 samsung\samsung media studio\SMSTray.exe
F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
F:\avast\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
F:\veoh tv\Veoh\VeohClient.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
F:\HP deskjet 6900\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] F:\mp3 samsung\samsung media studio\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - HKLM\..\Run: [00020037] rundll32.exe "C:\WINDOWS\system32\siyhmbym.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "F:\veoh tv\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Yannick\Local Settings\Temp\{CCE1F7D4-D12E-4811-91CD-E64BEFAF1D91}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: ASUS
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\HP deskjet 6900\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bw+0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: oqedrh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
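Added example (not part of the original thread or of HijackThis): a small Python triage script that applies, over the O4/O20 lines above, the checks a helper would otherwise run by eye. It flags the Run entry launching rundll32 with siyhmbym.dll, the AppInit_DLLs value oqedrh.dll and the Startup shortcut pointing into a Temp folder, while leaving the avast!, NvCpl and ctfmon entries alone. The sample lines are copied from the log above; the heuristics (generated-looking file name, single-letter rundll32 entry point, numeric value name) are this example's own assumptions, not a vendor signature set.

```python
"""Triage of HijackThis O4/O20 lines for the autostart patterns seen in this
thread.  Added example; not part of the original post or of HijackThis."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted above,
# plus clean avast!/NvCpl/ctfmon/O23 lines to show what is NOT flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00020037] rundll32.exe "C:\WINDOWS\system32\siyhmbym.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Yannick\Local Settings\Temp\{CCE1F7D4-D12E-4811-91CD-E64BEFAF1D91}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O20 - AppInit_DLLs: oqedrh.dll
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
"""

# O4 Run entries: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 Startup-folder shortcuts: "O4 - [Global ]Startup: <name>.lnk = <target>"
STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$')
# O20 AppInit_DLLs value (user32.dll loads these DLLs into every GUI process)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# rundll32[.exe] <dll>[,<entry point>], with or without quotes around the DLL path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?(?:,(?P<export>\S+))?', re.I)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def looks_generated(stem: str) -> bool:
    """Heuristic (this example's assumption): 6-8 lowercase letters with at most
    two vowels, as in siyhmbym or oqedrh.  A triage aid, not proof of infection."""
    if not re.fullmatch(r'[a-z]{6,8}', stem):
        return False
    return sum(c in 'aeiou' for c in stem) <= 2


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per HijackThis line that matches at least one rule."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: list[str] = []
        if m := RUN_RE.match(line):
            if m['name'].isdigit():
                reasons.append('Run value name is purely numeric')
            if d := RUNDLL_RE.search(m['cmd']):
                stem = ntpath.splitext(ntpath.basename(d['dll']))[0]
                if looks_generated(stem):
                    reasons.append(f'rundll32 loads a DLL with a generated-looking name ({stem}.dll)')
                if d['export'] and len(d['export']) == 1:
                    reasons.append(f'rundll32 entry point is a single character ({d["export"]})')
        elif m := STARTUP_RE.match(line):
            if re.search(r'\\local settings\\temp\\', m['cmd'], re.I):
                reasons.append('Startup shortcut runs a binary from a Temp directory')
        elif m := APPINIT_RE.match(line):
            reasons.append(f'AppInit_DLLs is set ({m["dlls"].strip()}); normally empty, '
                           'and anything listed is injected into every process loading user32.dll')
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('   ->', r)
```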
11 replies

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022
5 Jan. 2009 at 09:44
hi
good thing you specified no porn images :) otherwise you wouldn't have come :)

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware guard

copy/paste the report C:\ComboFix.txt in your next reply.

Careful, don't use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Thanks for your help,

I followed the tutorial to the letter. So normally no problem.

Here is the ComboFix report.
I'm waiting for your instructions.

thanks again and see you later

ComboFix 09-01-04.01 - Yannick 2009-01-05 13:52:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1540 [GMT 1:00]
Lancé depuis: c:\documents and settings\Yannick\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Yannick\Application Data\comctl32.dll
c:\windows\system32\atsweajb.dll
c:\windows\system32\axnkhi.dll
c:\windows\system32\bfyune.dll
c:\windows\system32\byXPJDSl.dll
c:\windows\system32\cfeccqeg.ini
c:\windows\system32\dhjwqohj.ini
c:\windows\system32\evbgbclh.ini
c:\windows\system32\fccaxuVo.dll
c:\windows\system32\fexbihba.dll
c:\windows\system32\idpgpkcr.dll
c:\windows\system32\JTAKnnmp.ini
c:\windows\system32\JTAKnnmp.ini2
c:\windows\system32\lcvpkk.dll
c:\windows\system32\lioekuxn.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mybmhyis.ini
c:\windows\system32\nojdzl.dll
c:\windows\system32\nukocwnc.dll
c:\windows\system32\oqedrh.dll
c:\windows\system32\pcyjsrdl.ini
c:\windows\system32\pmnnKATJ.dll
c:\windows\system32\sAKUDfhk.ini
c:\windows\system32\sAKUDfhk.ini2
c:\windows\system32\sctmurme.ini
c:\windows\system32\siyhmbym.dll
c:\windows\system32\tgdrlx.dll
c:\windows\system32\tmp70.tmp
c:\windows\system32\tuvUNfGV.dll
c:\windows\system32\tvhzsk.dll
c:\windows\system32\tvltavrp.ini
c:\windows\system32\ucnwnulp.dll
c:\windows\system32\ujlbvtfd.ini
c:\windows\system32\ulxgsyri.dll
c:\windows\system32\uuiphjlp.dll
c:\windows\system32\xncpayjx.dll
c:\windows\system32\zmfmoi.dll
F:\Autorun.inf
G:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-12-26 13:12 . 2008-12-26 13:12 400,404 --a------ c:\documents and settings\Yannick\Application Data\irbegdup.dll
2008-12-26 13:11 . 2008-12-26 13:11 400,404 --a------ c:\documents and settings\Yannick\Application Data\njkrhhrc.dll
2008-12-26 13:10 . 2008-12-26 13:10 400,404 --a------ c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll
2008-12-23 22:03 . 2009-01-05 13:57 <REP> d-------- c:\documents and settings\Yannick\Tracing
2008-12-23 22:02 . 2008-12-23 22:02 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-23 22:02 . 2008-12-23 22:02 <REP> d-------- c:\program files\Microsoft
2008-12-23 22:01 . 2008-12-23 22:01 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-23 21:54 . 2008-12-23 21:54 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-22 18:40 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-22 18:40 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 12:54 --------- d-----w c:\program files\SuperCopier2
2008-12-28 21:48 --------- d-----w c:\documents and settings\Yannick\Application Data\uTorrent
2008-12-28 17:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 21:01 --------- d-----w c:\program files\Windows Live
2008-12-13 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-15 16:35 --------- d-----w c:\program files\Microsoft Works
2008-11-15 16:34 --------- d-----w c:\program files\Microsoft.NET
2008-11-15 16:32 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-05 12:36 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:38 663,552 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-22 32768]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 68856]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2005-08-17 1048576]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Veoh"="f:\veoh tv\Veoh\VeohClient.exe" [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2008-06-09 287984]
"SMSTray"="f:\mp3 samsung\samsung media studio\SMSTray.exe" [2007-09-20 132624]
"HP Software Update"="f:\hp deskjet 6900\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"avast!"="f:\avast\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - f:\hp deskjet 6900\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-22 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-22 450560]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS\ASUS Splendid
ASUS Splendid.lnk - c:\program files\ASUS\ASUS Splendid\ASUSplendid.exe [2008-04-22 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irbegdup]
2008-12-26 13:12 400404 c:\documents and settings\Yannick\Application Data\irbegdup.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oqedrh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"f:\\e-mule\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\football manager 08\\fm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\veoh tv\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-27 111184]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-03-21 402944]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D.sys [2004-07-06 44544]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-27 20560]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-04-22 2831232]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

---- Other Services/Drivers In Memory ----

mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a93a571-b803-11dd-bb81-000138a678d3}]
\Shell\Auto\command - H:\oaqcxmcmf.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oaqcxmcmf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe7220-6632-11dd-bb2b-000138a678d3}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db478c90-108f-11dd-8407-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{316eb9c0-2378-4a68-a350-dde51f29d6f4} - c:\windows\system32\oqedrh.dll
BHO-{443C3781-E516-4FEA-AB2A-A37177667C6A} - c:\windows\system32\khfDUKAs.dll
BHO-{62D09891-8931-4BDC-95D5-BE2E5DBDD8E4} - c:\windows\system32\pmnnKATJ.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 13:55:25
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\documents and settings\Yannick\Application Data\irbegdup.dll
.
------------------------ Other running processes ------------------------
.
f:\avast\aswUpdSv.exe
f:\avast\ashServ.exe
c:\windows\system32\rundll32.exe
c:\windows\ATKKBService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
f:\avast\ashMaiSv.exe
f:\avast\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
f:\hp deskjet 6900\Digital Imaging\bin\hpqste08.exe
f:\hp deskjet 6900\Digital Imaging\bin\hpqnrs08.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2009-01-05 13:59:05 - the machine rebooted [Yannick]
ComboFix-quarantined-files.txt 2009-01-05 12:59:02

Pre-Run: 67,666,903,040 bytes free
Post-Run: 68,179,308,544 bytes free

231 --- E O F --- 2008-12-21 09:57:36
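As an added example (not ComboFix output and not code from this thread), the Python script below applies the checks a responder would run on the report above: a MountPoints2 AutoRun command for a removable drive (the H: entries launch oaqcxmcmf.exe, once directly and once through RunDLL32/ShellExec_RunDLL), a Winlogon Notify package loading a DLL from the user's Application Data (irbegdup.dll, which the report also shows loaded inside winlogon.exe, consistent with OTMoveIt later being unable to move it until a reboot), AppInit_DLLs naming oqedrh.dll (the same file as one of the removed BHOs), and a service (mchInjDrv) whose ImagePath is a .tmp file in the user's Temp folder. The input is a constructed excerpt shaped after the report; the rule set, the severities and the random-name heuristic are my assumptions, not anything ComboFix itself computes.

```python
"""Rule-based triage of the persistence indicators in the ComboFix report above.

Added example, not ComboFix or forum code. Input is a constructed excerpt shaped after
the report; the rule set and the random-name heuristic are assumptions."""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied in shape from the ComboFix report in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a93a571-b803-11dd-bb81-000138a678d3}]
\Shell\Auto\command - H:\oaqcxmcmf.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oaqcxmcmf.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe7220-6632-11dd-bb2b-000138a678d3}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irbegdup]
2008-12-26 13:12 400404 c:\documents and settings\Yannick\Application Data\irbegdup.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oqedrh.dll
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp"
- - - - - - - > 'winlogon.exe'(636)
c:\documents and settings\Yannick\Application Data\irbegdup.dll
"""

USER_PROFILE = re.compile(r"(documents and settings|docume~1)\\", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    rule: str
    evidence: str


def looks_random(filename: str) -> bool:
    """Heuristic (assumption): a stem of 8+ lowercase letters with under a third vowels."""
    stem = filename.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{8,}", stem):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.34


def triage(log: str) -> list[Finding]:
    """Walk the report line by line, remembering which registry key a line belongs to."""
    findings: list[Finding] = []
    key = ""               # registry key the following lines belong to
    in_winlogon = False    # inside the "DLLs loaded in winlogon.exe" block
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key, in_winlogon = line[1:-1].lower(), False
            continue
        if line.startswith("- - - - - - - >"):
            key, in_winlogon = "", "winlogon.exe" in line
            continue
        if in_winlogon:
            # a DLL from a user profile inside winlogon.exe: nothing legitimate lives there
            if USER_PROFILE.search(line):
                findings.append(Finding("high", "dll-in-winlogon-from-profile", line))
        elif "mountpoints2" in key and "command - " in line:
            # AutoRun handler cached for a removable drive; the report's H: entries
            # launch a file from the drive root, once via ShellExec_RunDLL
            cmd = line.split("command - ", 1)[1]
            exes = re.findall(r"[\w~.-]+\.exe", cmd, re.I)
            exe = exes[-1] if exes else ""
            sev = "high" if looks_random(exe) else "review"
            findings.append(Finding(sev, "mountpoints2-autorun", cmd))
        elif "winlogon\\notify\\" in key and not SYSTEM32.search(line):
            findings.append(Finding("high", "winlogon-notify-outside-system32", line))
        elif line.lower().startswith('"appinit_dlls"='):
            value = line.split("=", 1)[1].strip().strip('"')
            if value:
                findings.append(Finding("high", "appinit-dlls-set", value))
        elif "\\services\\" in key and line.lower().startswith('"imagepath"='):
            path = line.split("=", 1)[1].strip('"')
            if TEMP_DIR.search(path):
                findings.append(Finding("high", "service-image-in-temp", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.evidence}")
```

The Run keys are deliberately not scored: everything listed in them is recognisable software, and scoring them needs a whitelist this example does not carry. The mchInjDrv entry is flagged for its Temp-folder ImagePath only; note that the file name changes between the two reports (mc22.tmp, then mc21.tmp) and OTMoveIt never finds it, so what owns that driver is something to establish rather than something to delete blindly.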
jlpjlp (security contributor) - 5 Jan 2009 at 18:25
Scan these 3 files on VirusTotal and paste the reports:

c:\documents and settings\Yannick\Application Data\irbegdup.dll
c:\documents and settings\Yannick\Application Data\njkrhhrc.dll
c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll


____________



Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left pane of OTMoveIt: "Paste instruction for items to be moved".
(be careful to include :files)

:files
c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp
:reg
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"=-

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to reboot the PC to complete the removal; if so, accept with Yes.

__________________________


Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installer with the default settings

Connect to your PC any external storage (USB key, external hard drive, etc.) that may have been infected, without opening it

--> Double-click the UsbFix shortcut on your desktop

--> The PC will reboot

--> After the reboot, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
Note: if the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
First, the reports for the 3 files scanned on VirusTotal:

File irbegdup.dll received on 2009.01.05 18:44:10 (CET)
Current status: finished
Result: 5/38 (13.16%)



Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.05 -
AhnLab-V3 2009.1.5.3 2009.01.05 -
AntiVir 7.9.0.45 2009.01.05 -
Authentium 5.1.0.4 2009.01.04 W32/AdAgent.B.gen!Eldorado
Avast 4.8.1281.0 2009.01.05 -
AVG 8.0.0.199 2009.01.05 -
BitDefender 7.2 2009.01.05 -
CAT-QuickHeal 10.00 2009.01.05 -
ClamAV 0.94.1 2009.01.05 -
Comodo 878 2009.01.05 -
DrWeb 4.44.0.09170 2009.01.05 BACKDOOR.Trojan
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.04 W32/AdAgent.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.05 -
Fortinet 3.117.0.0 2009.01.05 -
GData 19 2009.01.05 -
Ikarus T3.1.1.45.0 2009.01.05 -
K7AntiVirus 7.10.576 2009.01.05 -
Kaspersky 7.0.0.125 2009.01.05 -
McAfee 5485 2009.01.05 -
McAfee+Artemis 5485 2009.01.05 -
Microsoft 1.4205 2009.01.05 -
NOD32 3739 2009.01.05 probably a variant of Win32/Adware.SecToolbar
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.05 -
PCTools 4.4.2.0 2009.01.05 -
Prevx1 V2 2009.01.05 -
Rising 21.11.02.00 2009.01.05 -
SecureWeb-Gateway 6.7.6 2009.01.05 -
Sophos 4.37.0 2009.01.05 Mal/Behav-027
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.05 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.05 -
VBA32 3.12.8.10 2009.01.05 -
ViRobot 2009.1.5.1544 2009.01.05 -
VirusBuster 4.5.11.0 2009.01.05 -




File njkrhhrc.dll received on 2009.01.05 18:47:14 (CET)
Current status: finished
Result: 5/38 (13.16%)



Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.05 -
AhnLab-V3 2009.1.5.3 2009.01.05 -
AntiVir 7.9.0.45 2009.01.05 -
Authentium 5.1.0.4 2009.01.04 W32/AdAgent.B.gen!Eldorado
Avast 4.8.1281.0 2009.01.05 -
AVG 8.0.0.199 2009.01.05 -
BitDefender 7.2 2009.01.05 -
CAT-QuickHeal 10.00 2009.01.05 -
ClamAV 0.94.1 2009.01.05 -
Comodo 878 2009.01.05 -
DrWeb 4.44.0.09170 2009.01.05 BACKDOOR.Trojan
eTrust-Vet 31.6.6287 2009.01.01 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.04 W32/AdAgent.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.05 -
Fortinet 3.117.0.0 2009.01.05 -
GData 19 2009.01.05 -
Ikarus T3.1.1.45.0 2009.01.05 -
K7AntiVirus 7.10.576 2009.01.05 -
Kaspersky 7.0.0.125 2009.01.05 -
McAfee 5485 2009.01.05 -
McAfee+Artemis 5485 2009.01.05 -
Microsoft 1.4205 2009.01.05 -
NOD32 3739 2009.01.05 probably a variant of Win32/Adware.SecToolbar
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.05 -
PCTools 4.4.2.0 2009.01.05 -
Prevx1 V2 2009.01.05 -
Rising 21.11.02.00 2009.01.05 -
SecureWeb-Gateway 6.7.6 2009.01.05 -
Sophos 4.37.0 2009.01.05 Mal/Behav-027
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.05 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.05 -
VBA32 3.12.8.10 2009.01.05 -
ViRobot 2009.1.5.1544 2009.01.05 -
VirusBuster 4.5.11.0 2009.01.05 -




File rtlfjhfj.dll received on 2009.01.05 18:51:36 (CET)
Current status: finished
Result: 5/38 (13.16%)



Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.05 -
AhnLab-V3 2009.1.5.3 2009.01.05 -
AntiVir 7.9.0.45 2009.01.05 -
Authentium 5.1.0.4 2009.01.04 W32/AdAgent.B.gen!Eldorado
Avast 4.8.1281.0 2009.01.05 -
AVG 8.0.0.199 2009.01.05 -
BitDefender 7.2 2009.01.05 -
CAT-QuickHeal 10.00 2009.01.05 -
ClamAV 0.94.1 2009.01.05 -
Comodo 878 2009.01.05 -
DrWeb 4.44.0.09170 2009.01.05 BACKDOOR.Trojan
eTrust-Vet 31.6.6287 2009.01.01 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.04 W32/AdAgent.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.05 -
Fortinet 3.117.0.0 2009.01.05 -
GData 19 2009.01.05 -
Ikarus T3.1.1.45.0 2009.01.05 -
K7AntiVirus 7.10.576 2009.01.05 -
Kaspersky 7.0.0.125 2009.01.05 -
McAfee 5485 2009.01.05 -
McAfee+Artemis 5485 2009.01.05 -
Microsoft 1.4205 2009.01.05 -
NOD32 3739 2009.01.05 probably a variant of Win32/Adware.SecToolbar
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.05 -
PCTools 4.4.2.0 2009.01.05 -
Prevx1 V2 2009.01.05 -
Rising 21.11.02.00 2009.01.05 -
SecureWeb-Gateway 6.7.6 2009.01.05 -
Sophos 4.37.0 2009.01.05 Mal/Behav-027
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.05 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.05 -
VBA32 3.12.8.10 2009.01.05 -
ViRobot 2009.1.5.1544 2009.01.05 -
VirusBuster 4.5.11.0 2009.01.05 -

---------------------------------------------------------------------------------------

Second, the OTMoveIt report


========== FILES ==========
File/Folder c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv\\ not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_185352


-----------------------------------------------------------------------------------------

And finally the UsbFix report



-------------- UsbFix V2.413.9 ---------------

* User : Yannick - SCHIRCH
* Tool updated on 05/01/2009 by Chiquitine29 and Chimay8
* Scan run at 18:58:29 on 05/01/2009
* Windows Xp - Internet Explorer 6.0.2900.2180


--------------- [ Running processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\avast\aswUpdSv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
F:\avast\ashServ.exe

--------------- [ Drive information ] ----------------

C: - Fixed drive

F: - Fixed drive

G: - Fixed drive


--------------- [ Drive C ] ----------------

C: - Fixed drive


+- Files present:

[22/04/2008 16:32][--a------] C:\AUTOEXEC.BAT
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM
[05/01/2009 13:49][-rahs----] C:\boot.ini
[05/01/2009 13:59][--a------] C:\ComboFix.txt
[05/01/2009 13:59][--a------] C:\UsbFix.txt
[22/04/2008 16:32][--a------] C:\CONFIG.SYS
[22/04/2008 16:32][--a------] C:\IO.SYS
[22/04/2008 16:32][--a------] C:\MSDOS.SYS
[22/04/2008 16:32][--a------] C:\pagefile.sys

--------------- [ Drive F ] ----------------

F: - Fixed drive


+- Files present:


--------------- [ Drive G ] ----------------

G: - Fixed drive


+- Files present:

[26/06/2007 12:02][--a------] G:\Setup.exe
[26/06/2007 12:02][--a------] G:\aaqkkvvyf.exe

--------------- [ Registry / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ASUS SmartDoctor=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
Veoh="F:\veoh tv\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
RemoteControl=C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader\Reader_sl.exe"
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
SoundMan=SOUNDMAN.EXE
Autoconfigurateur WiFi Neuf="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
SMSTray=F:\mp3 samsung\samsung media studio\SMSTray.exe
HP Software Update=F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
avast!=F:\avast\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registry / Mountpoint2 ] ----------------

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a93a571-b803-11dd-bb81-000138a678d3}\Shell\AutoRun\command
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7fe7220-6632-11dd-bb2b-000138a678d3}\Shell\AutoRun\command
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db478c90-108f-11dd-8407-806d6172696f}\Shell\AutoRun\command

--------------- [ Disk cleanup ] ----------------

Deleted! - [22/12/2008 18:56][--ahs----] F:\THUMBS.DB
Deleted! - [26/06/2007 12:02][--a------] G:\Setup.exe
Deleted! - [17/01/2008 19:05][d--------] G:\AutoRun

--------------- [ Summary ] ----------------

-> /!\ The result must be interpreted by a specialist /!\

[22/04/2008 16:32][--a------] C:\AUTOEXEC.BAT
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM
[05/01/2009 13:49][-rahs----] C:\boot.ini
[23/11/2008 23:25][-rahs----] G:\aaqkkvvyf.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> autorun.inf folder created by UsbFix!
F:\autorun.inf -> autorun.inf folder created by UsbFix!
G:\autorun.inf -> autorun.inf folder created by UsbFix!

--------------- ! End of report ! ----------------

------------------------------------------------------------------------------------------

There, it's done.

Is there anything else to do?
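The UsbFix report above deleted G:\Setup.exe and a G:\AutoRun folder, cleared the cached MountPoints2 AutoRun commands, and then "vaccinated" each drive by creating a folder named autorun.inf, while G:\aaqkkvvyf.exe (listed in the summary with the read-only, hidden and system attributes, sitting on a drive root with a random-looking name) was left for the next OTMoveIt pass. As an added example, not UsbFix code, the Python below shows both halves of that work: parsing an autorun.inf for the keys that make Explorer run a program from the drive (open, shellexecute, shell\...\command), and the vaccination itself, verified by attempting to drop a fresh autorun.inf into a temporary directory standing in for the drive root. The autorun.inf text is constructed; the report does not show the file's contents.

```python
"""Parse an autorun.inf and demonstrate the folder "vaccination" UsbFix reports above.

Added example, not UsbFix code. The autorun.inf content is constructed (the report
lists G:\\Setup.exe, G:\\aaqkkvvyf.exe and a G:\\AutoRun folder, not the file's text)."""
import tempfile
from pathlib import Path

# Constructed sample, shaped like a typical worm-dropped autorun.inf.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=aaqkkvvyf.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shellexecute=aaqkkvvyf.exe
shell\\Open\\command=aaqkkvvyf.exe
shell\\explore\\command=aaqkkvvyf.exe
shell=Open
"""

# Keys through which Explorer runs a program from the drive on insert or double-click.
EXEC_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> dict[str, str]:
    """Return the key=value pairs of the [autorun] section, keys lower-cased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launched_programs(entries: dict[str, str]) -> set[str]:
    """Programs the drive can cause to run: open=, shellexecute= and shell\\*\\command=."""
    progs = set()
    for key, value in entries.items():
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            if value:
                progs.add(value.split()[0])
    return progs


def vaccinate(drive_root: Path) -> bool:
    """Replace any autorun.inf file on the drive root with a directory of that name,
    which is what the "Vaccination" lines in the UsbFix report describe."""
    target = drive_root / "autorun.inf"
    if target.is_file():
        target.unlink()            # an existing (possibly malicious) file goes first
    target.mkdir(exist_ok=True)
    return target.is_dir()


def dropper_blocked(drive_root: Path) -> bool:
    """Simulate a worm writing autorun.inf; True if the directory blocks the write."""
    try:
        with open(drive_root / "autorun.inf", "w") as fh:
            fh.write("[autorun]\nopen=evil.exe\n")
    except OSError:                # IsADirectoryError on Unix, PermissionError on Windows
        return True
    return False


def demo() -> tuple[set[str], bool, bool]:
    """Run the analysis and the vaccination against a temporary 'drive root'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        programs = launched_programs(parse_autorun(SAMPLE_AUTORUN_INF))
        vaccinated = vaccinate(root)
        blocked = dropper_blocked(root)
    return programs, vaccinated, blocked


if __name__ == "__main__":
    print(demo())
```

The folder trick only stops a worm from creating the file through ordinary file APIs; it does not turn AutoRun off, and a tool running with enough rights can still remove the folder. The stronger fix on the Windows XP machine in this thread is the NoDriveTypeAutoRun policy value (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, REG_DWORD 0xFF), which makes Explorer ignore autorun.inf on every drive type, and clearing MountPoints2 as UsbFix did, since Explorer caches a drive's AutoRun command there and keeps it after the drive is gone.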
jlpjlp (security contributor) - 5 Jan 2009 at 19:10
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left pane of OTMoveIt: "Paste instruction for items to be moved".
(be careful to include :files)

:files
c:\documents and settings\Yannick\Application Data\irbegdup.dll
c:\documents and settings\Yannick\Application Data\njkrhhrc.dll
c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll
G:\aaqkkvvyf.exe
c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp
:reg
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"=-

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to reboot the PC to complete the removal; if so, accept with Yes.

__________________________

Still having problems?
Error: Unable to interpret <files > in the current context!
Error: Unable to interpret <c:\documents and settings\Yannick\Application Data\irbegdup.dll > in the current context!
Error: Unable to interpret <c:\documents and settings\Yannick\Application Data\njkrhhrc.dll > in the current context!
Error: Unable to interpret <c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll > in the current context!
Error: Unable to interpret <G:\aaqkkvvyf.exe > in the current context!
Error: Unable to interpret <c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv\\ not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_192715


-------------------------------------------------------------------------------------------------------

No, I don't have any more ads opening for the moment.
jlpjlp (security contributor) - 6 Jan 2009 at 10:51
Did you really put :files at the start of the OTMoveIt script???? Do it again

or delete these files manually:

c:\documents and settings\Yannick\Application Data\irbegdup.dll
c:\documents and settings\Yannick\Application Data\njkrhhrc.dll
c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll
G:\aaqkkvvyf.exe

To protect your PC for free:

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR or AVG8 or (AVAST)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MalwareBytes' Anti-Malware + SPYBOT +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunize the system, notably against Vundo; it is in English but easy to use (just click "update" every month to update, then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one, or better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
I redid the operation; this time it seems to have worked. Here is the report.

However, it asked for a reboot. I accepted, but the computer would not start up again (5 or 6 attempts). I then unplugged my external hard drive and it started again. Is that normal??
And when Windows restarted, it opened a window: "windows installer"


========== FILES ==========
c:\documents and settings\Yannick\Application Data\irbegdup.dll unregistered successfully.
File move failed. c:\documents and settings\Yannick\Application Data\irbegdup.dll scheduled to be moved on reboot.
c:\documents and settings\Yannick\Application Data\njkrhhrc.dll unregistered successfully.
c:\documents and settings\Yannick\Application Data\njkrhhrc.dll moved successfully.
c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll unregistered successfully.
c:\documents and settings\Yannick\Application Data\rtlfjhfj.dll moved successfully.
G:\aaqkkvvyf.exe moved successfully.
File/Folder c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv\\ not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_185102

Files moved on Reboot...
c:\documents and settings\Yannick\Application Data\irbegdup.dll unregistered successfully.
File move failed. c:\documents and settings\Yannick\Application Data\irbegdup.dll scheduled to be moved on reboot.
jlpjlp (security contributor) - 6 Jan 2009 at 19:41
Post another ComboFix report so I can check
ComboFix 09-01-04.01 - Yannick 2009-01-06 22:30:23.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1586 [GMT 1:00]
Running from: c:\documents and settings\Yannick\Bureau\ComboFix.exe
.
The files below were disabled while the run was in progress:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((( Files created from 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 18:55 . 2009-01-05 18:59 <REP> d-------- c:\program files\UsbFix
2009-01-05 18:53 . 2009-01-05 18:53 <REP> d-------- C:\_OTMoveIt
2008-12-26 13:12 . 2008-12-26 13:12 400,404 --a------ c:\documents and settings\Yannick\Application Data\irbegdup.dll
2008-12-23 22:03 . 2009-01-06 18:58 <REP> d-------- c:\documents and settings\Yannick\Tracing
2008-12-23 22:02 . 2008-12-23 22:02 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-23 22:02 . 2008-12-23 22:02 <REP> d-------- c:\program files\Microsoft
2008-12-23 22:01 . 2008-12-23 22:01 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-23 21:54 . 2008-12-23 21:54 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-22 18:40 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-22 18:40 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 21:30 --------- d-----w c:\program files\SuperCopier2
2008-12-28 21:48 --------- d-----w c:\documents and settings\Yannick\Application Data\uTorrent
2008-12-28 17:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 21:01 --------- d-----w c:\program files\Windows Live
2008-12-13 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-15 16:35 --------- d-----w c:\program files\Microsoft Works
2008-11-15 16:34 --------- d-----w c:\program files\Microsoft.NET
2008-11-15 16:32 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-05 12:36 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:38 663,552 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_13.58.09.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-23 21:03:36 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-01-06 17:58:15 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-01-06 17:32:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d0.dat
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-22 32768]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 68856]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2005-08-17 1048576]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Veoh"="f:\veoh tv\Veoh\VeohClient.exe" [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2008-06-09 287984]
"SMSTray"="f:\mp3 samsung\samsung media studio\SMSTray.exe" [2007-09-20 132624]
"HP Software Update"="f:\hp deskjet 6900\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"avast!"="f:\avast\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - f:\hp deskjet 6900\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-22 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-22 450560]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS\ASUS Splendid
ASUS Splendid.lnk - c:\program files\ASUS\ASUS Splendid\ASUSplendid.exe [2008-04-22 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irbegdup]
2008-12-26 13:12 400404 c:\documents and settings\Yannick\Application Data\irbegdup.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oqedrh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"f:\\e-mule\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\football manager 08\\fm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\veoh tv\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-27 111184]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-03-21 402944]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D.sys [2004-07-06 44544]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-27 20560]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-04-22 2831232]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

---- Other Services/Drivers In Memory ----

mchInjDrv
.
.
------- Supplementary scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 22:31:48
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\documents and settings\Yannick\Application Data\irbegdup.dll
.
Completion time: 2009-01-06 22:32:35
ComboFix-quarantined-files.txt 2009-01-06 21:32:21
ComboFix2.txt 2009-01-05 12:59:07

Pre-Run: 68,143,661,056 bytes free
Post-Run: 68,177,211,392 bytes free

154 --- E O F --- 2008-12-21 09:57:36
jlpjlp (security contributor) - 7 Jan 2009 at 11:10
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left pane of OTMoveIt: "Paste instruction for items to be moved".
(be careful to include :files)


:processus
explorer.exe
:files
c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp
c:\documents and settings\Yannick\Application Data\irbegdup.dll
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irbegdup]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp"
:commands
[purity]
[emptytemp]
[start explorer]


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to reboot the PC to complete the removal; if so, accept with Yes.
0
Error: Unable to interpret <:processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== FILES ==========
File/Folder c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp not found.
c:\documents and settings\Yannick\Application Data\irbegdup.dll unregistered successfully.
File move failed. c:\documents and settings\Yannick\Application Data\irbegdup.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irbegdup\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv­\\ not found.
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv­\\"ImagePath"|"\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Yannick\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Yannick\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Yannick\LOCALS~1\Temp\Perflib_Perfdata_944.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Yannick\LOCALS~1\Temp\~DF2CF8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01072009_182709

Files moved on Reboot...
c:\documents and settings\Yannick\Application Data\irbegdup.dll unregistered successfully.
File move failed. c:\documents and settings\Yannick\Application Data\irbegdup.dll scheduled to be moved on reboot.
C:\DOCUME~1\Yannick\LOCALS~1\Temp\hpodvd09.log moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Yannick\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\Yannick\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\Yannick\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\Yannick\LOCALS~1\Temp\Perflib_Perfdata_944.dat not found!
C:\DOCUME~1\Yannick\LOCALS~1\Temp\~DF2CF8.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat moved successfully.
0
jlpjlp - Posts: 51580 - Registered: Friday 18 May 2007 - Status: Security contributor - Last active: 3 May 2022
7 Jan. 2009 at 20:03
Had you put:

:processus

at the start of the procedure? If not, do it again.
0
Yeah, I did it again but it gives me the same thing.
0
Hi,

Sorry for the delay, I was on holiday and only got back yesterday...

I did what you asked.
Here are the reports.


COMBOFIX:

ComboFix 09-01-21.04 - Yannick 2009-01-26 13:56:44.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1612 [GMT 1:00]
Running from: c:\documents and settings\Yannick\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Yannick\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 090125-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp
c:\documents and settings\Yannick\Application Data\irbegdup.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Yannick\Application Data\irbegdup.dll
.
---- Previous Run -------
.
c:\documents and settings\Yannick\Application Data\irbegdup.dll

.
((((((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 18:55 . 2009-01-05 18:59 <REP> d-------- c:\program files\UsbFix
2009-01-05 18:53 . 2009-01-05 18:53 <REP> d-------- C:\_OTMoveIt

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 12:51 --------- d-----w c:\program files\SuperCopier2
2009-01-26 11:46 --------- d-----w c:\documents and settings\Yannick\Application Data\uTorrent
2008-12-28 17:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 21:02 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-23 21:02 --------- d-----w c:\program files\Microsoft
2008-12-23 21:01 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-23 21:01 --------- d-----w c:\program files\Windows Live
2008-12-23 20:54 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-13 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_13.58.09.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-23 21:03:36 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-01-06 17:58:15 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-11-16 02:09:47 282,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-09 07:42:20 282,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-26 12:59:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-22 32768]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 68856]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2005-08-17 1048576]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Veoh"="f:\veoh tv\Veoh\VeohClient.exe" [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2008-06-09 287984]
"SMSTray"="f:\mp3 samsung\samsung media studio\SMSTray.exe" [2007-09-20 132624]
"HP Software Update"="f:\hp deskjet 6900\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"avast!"="f:\avast\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - f:\hp deskjet 6900\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-22 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-22 450560]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS\ASUS Splendid
ASUS Splendid.lnk - c:\program files\ASUS\ASUS Splendid\ASUSplendid.exe [2008-04-22 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oqedrh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"f:\\e-mule\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\football manager 08\\fm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\veoh tv\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-27 111184]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-03-21 402944]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-27 20560]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-04-22 2831232]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 13:59:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
f:\avast\aswUpdSv.exe
f:\avast\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
f:\avast\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
f:\hp deskjet 6900\Digital Imaging\bin\hpqste08.exe
f:\hp deskjet 6900\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\HPZinw12.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2009-01-26 14:02:37 - machine was rebooted [Yannick]
ComboFix-quarantined-files.txt 2009-01-26 13:02:34
ComboFix2.txt 2009-01-06 21:32:36
ComboFix3.txt 2009-01-05 12:59:07

Pre-Run: 67,820,851,200 bytes free
Post-Run: 67,812,458,496 bytes free

167 --- E O F --- 2008-12-21 09:57:36




HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:34, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\avast\aswUpdSv.exe
F:\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
F:\avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\Adobe\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
F:\mp3 samsung\samsung media studio\SMSTray.exe
F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
F:\avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
F:\veoh tv\Veoh\VeohClient.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqSTE08.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZinw12.exe
F:\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] F:\mp3 samsung\samsung media studio\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "F:\veoh tv\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Yannick\Local Settings\Temp\{CCE1F7D4-D12E-4811-91CD-E64BEFAF1D91}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: ASUS
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\HP deskjet 6900\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bw+0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: oqedrh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
jlpjlp
8 Jan. 2009 at 10:46
Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:





File::
c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp
c:\documents and settings\Yannick\Application Data\irbegdup.dll



Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irbegdup]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp"

Save this file under the name CFscript


Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the mouse button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Post a new HijackThis report as well


If the file doesn't open, it can be found here > C:\ComboFix.txt
I'm reposting because my reply was out of order.

hi,

sorry for the delay, I was on holiday and only got back yesterday...

I did what you asked.
here are the reports.


COMBOFIX:

ComboFix 09-01-21.04 - Yannick 2009-01-26 13:56:44.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1612 [GMT 1:00]
Lancé depuis: c:\documents and settings\Yannick\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Yannick\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 090125-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\Yannick\LOCALS~1\Temp\mc21.tmp
c:\documents and settings\Yannick\Application Data\irbegdup.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Yannick\Application Data\irbegdup.dll
.
---- Exécution préalable -------
.
c:\documents and settings\Yannick\Application Data\irbegdup.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 18:55 . 2009-01-05 18:59 <REP> d-------- c:\program files\UsbFix
2009-01-05 18:53 . 2009-01-05 18:53 <REP> d-------- C:\_OTMoveIt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 12:51 --------- d-----w c:\program files\SuperCopier2
2009-01-26 11:46 --------- d-----w c:\documents and settings\Yannick\Application Data\uTorrent
2008-12-28 17:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 21:02 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-23 21:02 --------- d-----w c:\program files\Microsoft
2008-12-23 21:01 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-23 21:01 --------- d-----w c:\program files\Windows Live
2008-12-23 20:54 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-13 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_13.58.09.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-23 21:03:36 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-01-06 17:58:15 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-11-16 02:09:47 282,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-09 07:42:20 282,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-26 12:59:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-22 32768]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 68856]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2005-08-17 1048576]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Veoh"="f:\veoh tv\Veoh\VeohClient.exe" [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2008-06-09 287984]
"SMSTray"="f:\mp3 samsung\samsung media studio\SMSTray.exe" [2007-09-20 132624]
"HP Software Update"="f:\hp deskjet 6900\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"avast!"="f:\avast\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - f:\hp deskjet 6900\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-22 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-22 450560]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ASUS\ASUS Splendid
ASUS Splendid.lnk - c:\program files\ASUS\ASUS Splendid\ASUSplendid.exe [2008-04-22 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oqedrh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"f:\\e-mule\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\football manager 08\\fm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\veoh tv\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-27 111184]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-03-21 402944]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-27 20560]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-04-22 2831232]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 13:59:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Autres processus actifs ------------------------
.
f:\avast\aswUpdSv.exe
f:\avast\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
f:\avast\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
f:\hp deskjet 6900\Digital Imaging\bin\hpqste08.exe
f:\hp deskjet 6900\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\HPZinw12.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Heure de fin: 2009-01-26 14:02:37 - La machine a redémarré [Yannick]
ComboFix-quarantined-files.txt 2009-01-26 13:02:34
ComboFix2.txt 2009-01-06 21:32:36
ComboFix3.txt 2009-01-05 12:59:07

Avant-CF: 67,820,851,200 octets libres
Après-CF: 67,812,458,496 octets libres

167 --- E O F --- 2008-12-21 09:57:36




HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:34, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\avast\aswUpdSv.exe
F:\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
F:\avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\Adobe\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
F:\mp3 samsung\samsung media studio\SMSTray.exe
F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
F:\avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
F:\veoh tv\Veoh\VeohClient.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqSTE08.exe
F:\HP deskjet 6900\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZinw12.exe
F:\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] F:\mp3 samsung\samsung media studio\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] F:\HP deskjet 6900\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "F:\veoh tv\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Yannick\Local Settings\Temp\{CCE1F7D4-D12E-4811-91CD-E64BEFAF1D91}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: ASUS
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\HP deskjet 6900\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O18 - Protocol: bw+0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7F776B0D-AFAC-4B5C-830C-1AFAA0C3D0AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: oqedrh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

End of file - 19887 bytes
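As an added example (not from the thread or from HijackThis, ComboFix or OTMoveIt themselves), here is a small Python triage helper that scans report lines like the ones above for the persistence spots the cleanup targeted: a non-empty AppInit_DLLs value, a Winlogon Notify package loaded from outside system32, and autostart, service or ImagePath entries pointing into a Temp folder. The sample lines are constructed after the reports above; USER and {GUID} are placeholders.

```python
"""Triage helper for HijackThis / ComboFix report lines.

Added example, not part of the thread or of either tool.  It looks for the
persistence locations the cleanup above went after: an AppInit_DLLs value,
a Winlogon Notify package loaded from a user profile, and autostart, service
or ImagePath entries that point into a Temp folder.  A hit is a lead for an
analyst to check, not a verdict.
"""
import re
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    rule: str    # which rule fired
    detail: str  # the value or path that triggered it
    line: str    # the original report line, for the analyst


# Folders from which a legitimate autostart entry or service image almost
# never runs (8.3 and long forms of the XP per-user Temp, plus Windows\Temp).
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")
# Where Winlogon notification packages normally live.
SYSTEM_DIR = "c:\\windows\\system32\\"

# Line shapes: HijackThis O4 (autostart), O20 (AppInit / Winlogon Notify),
# O23 (service), and the bare REGEDIT4-style ImagePath line ComboFix prints.
O4_RUN_RE = re.compile(r"^O4 - .+?\\Run(?:Once)?: \[[^\]]*\] (?P<target>.+)$")
O4_LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: .+?\.lnk = (?P<target>.+)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - .+? - (?P<target>.+)$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(?P<target>[^"]+)"$')
PATH_RULES = (O4_RUN_RE, O4_LNK_RE, O23_RE, IMAGEPATH_RE)


def in_temp(path: str) -> bool:
    """True when a command line or image path points into a Temp folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per report line that matches a persistence rule."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = O20_APPINIT_RE.match(line)
        if m:
            # Every DLL named here is loaded into each process that links
            # user32.dll; on a home PC the value is normally empty, so any
            # entry (especially a bare name with no path) needs a look.
            findings.append(Finding("appinit-dll", m["dlls"].strip(), line))
            continue
        m = O20_NOTIFY_RE.match(line)
        if m:
            # Notification packages run inside winlogon.exe at logon/logoff.
            # Legitimate ones ship in system32, not under a user profile.
            if not m["path"].lower().startswith(SYSTEM_DIR):
                findings.append(Finding("winlogon-notify-outside-system32", m["path"], line))
            continue
        for rule in PATH_RULES:
            m = rule.match(line)
            if m and in_temp(m["target"]):
                # Installers may run something from Temp once; a persistent
                # entry that still points there after a reboot should not.
                findings.append(Finding("runs-from-temp", m["target"], line))
                break
    return findings


# Constructed sample modelled on the reports above; USER and {GUID} are
# placeholders, the file names are the ones the thread dealt with.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - Startup: Game Registration.lnk = C:\Documents and Settings\USER\Local Settings\Temp\{GUID}\ATR1.exe
O20 - AppInit_DLLs: oqedrh.dll
O20 - Winlogon Notify: irbegdup - C:\Documents and Settings\USER\Application Data\irbegdup.dll
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
"ImagePath"="\??\c:\docume~1\USER\LOCALS~1\Temp\mc22.tmp"
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Running it on a full HijackThis or ComboFix log (one line per element) lists the same four kinds of entries the helper's CFScript and OTMoveIt lists removed, while the avast lines pass untouched.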
jlpjlp
29 Jan. 2009 at 19:03
Download OTMoveIt

http://oldtimer.geekstogo.com/OTMoveIt3.exe

(by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

:files
c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp
:reg
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp"

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.

_________________________

Update Internet Explorer:

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

___________________________

Run an online scan at BitDefender and paste the report:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
OTMoveIt report

========== FILES ==========
File/Folder c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv\\ not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv\\"ImagePath"|"\??\c:\docume~1\Yannick\LOCALS~1\Temp\mc22.tmp" /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01302009_195324
rootzy > huca
30 Jan. 2009 at 20:34
And here is the BitDefender report:

FYI, the message posted by huca is mine (just a typo).

BitDefender Online Scanner

Rapport d'analyse généré à: Fri, Jan 30, 2009 - 20:29:28

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;

Statistiques
Temps: 00:15:09
Fichiers: 53845
Directoires: 5332
Secteurs de boot: 0
Archives: 1078
Paquets programmes: 4438

Résultats
Virus identifiés: 16
Fichiers infectés: 34
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 34

Info sur les moteurs
Définition virus: 2624387
Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins: 17
Archive des plugins: 45
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 4

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé / Statut

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP243\A0027255.dll
Infecté par: Trojan.Agent.ALPG

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP243\A0027255.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP243\A0027263.dll
Infecté par: Trojan.Generic.1266638

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP243\A0027263.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP243\A0027284.dll
Infecté par: Trojan.Generic.1265215

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP243\A0027284.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP244\A0027301.dll
Infecté par: Gen:Trojan.Heur.544453

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP244\A0027301.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP244\A0027301.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP244\A0028314.dll
Infecté par: Trojan.Generic.1265215

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP244\A0028314.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP245\A0029314.dll
Infecté par: Trojan.Generic.1272353

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP245\A0029314.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP245\A0029338.dll
Infecté par: Trojan.Vundo.GET

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP245\A0029338.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP245\A0029338.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP246\A0029357.dll
Infecté par: Gen:Trojan.Heur.544453

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP246\A0029357.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP246\A0029357.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP246\A0029374.dll
Infecté par: Trojan.Vundo.GEM

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP246\A0029374.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP248\A0032524.dll
Infecté par: Trojan.Vundo.GEM

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP248\A0032524.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032629.dll
Infecté par: Trojan.Vundo.GET

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032629.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032629.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032630.dll
Infecté par: Trojan.Generic.1281171

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032630.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032631.dll
Infecté par: Trojan.Generic.1268856

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032631.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032632.dll
Infecté par: Trojan.Generic.1274695

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032632.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032636.dll
Infecté par: Trojan.Generic.1274695

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032636.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032637.dll
Infecté par: Trojan.Generic.1281171

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032637.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032638.dll
Infecté par: Trojan.Generic.1281171

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032638.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032639.dll
Infecté par: Trojan.Vundo.GET

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032639.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032639.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032640.dll
Infecté par: Trojan.Packed.47475

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032640.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032642.dll
Infecté par: Trojan.Generic.1281171

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032642.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032643.dll
Infecté par: Trojan.Generic.1270104

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032643.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032644.dll
Infecté par: Trojan.Generic.1297563

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032644.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032646.dll
Infecté par: Gen:Trojan.Heur.544453

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032646.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032646.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032649.dll
Infecté par: Trojan.Generic.1297578

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032649.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032650.dll
Infecté par: Trojan.Generic.1270104

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032650.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032651.dll
Infecté par: Trojan.Generic.1274695

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032651.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032652.dll
Infecté par: Trojan.Packed.47475

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032652.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032654.dll
Infecté par: Trojan.Generic.1268856

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032654.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032656.dll
Infecté par: Trojan.Vundo.GET

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032656.dll
Echec de la désinfection

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032656.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032657.dll
Infecté par: Trojan.Generic.1297563

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032657.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032658.dll
Infecté par: Trojan.Generic.1270104

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032658.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032659.dll
Infecté par: Trojan.Generic.1270104

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP249\A0032659.dll
Supprimé

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP263\A0036398.exe
Infecté par: Trojan.Generic.1337801

C:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP263\A0036398.exe
Supprimé

F:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP248\A0032499.exe
Infecté par: Trojan.Dropper.SFD

F:\System Volume Information\_restore{2AFA8BF0-66EE-415A-92B7-399A4A6440B9}\RP248\A0032499.exe
Supprimé
jlpjlp (Posts: 51580, registered Friday 18 May 2007, Status: Security contributor, last post 3 May 2022) 5 040
1 Feb. 2009 at 18:53
Disable System Restore, then restart your computer, then re-enable it as described here:
https://www.informatruc.com

______________________

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised to the taskbar).

NB: the reports are saved in the C:\rsit folder.