Virtumonde/m64 infection, new post

diddy2703 -  
sKe69 Posts: 21955 Status: Security contributor -
Hello,
A kind person already tried to help me, but as he had to leave, he told me to create a new post to continue.
I was infected by virtumonde/remover.M64 and I have already run a malware scan.
Here is my new report:

I have just renamed HijackThis to skim, and here is the new report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:17, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Bouygues\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://try.starware.com/landing/recipe/intro_01.php?mkt=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DE7B76F-CC67-439C-997F-F1D7315A1120} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3DA02DDC-379B-40AF-8F9B-9CDDFDE1CABD} - (no file)
O2 - BHO: (no name) - {43AC4700-7860-4A5D-8AB3-A26555F1DC59} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96C9F28E-6C4E-48A7-9329-CCB57C34E53F} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {eaf5e575-d444-4daf-9a19-e7ecdfa5f093} - (no file)
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)
O2 - BHO: (no name) - {FEC8CCC8-3C99-44B4-BBE0-891CECD0150A} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Bouygues\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.ca-centreloire.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

13 replies

diddy2703
 
Sorry, I had collapsed from exhaustion....
Here is my latest Malwarebytes report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

05/10/2008 01:38:29
mbam-log-2008-10-05 (01-38-29).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 133019
Temps écoulé: 41 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\redvfooy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJYPIBt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRlmmKd.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrlmmkd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e99bd53-aafa-45d8-859c-ba766c3d67bb} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8e99bd53-aafa-45d8-859c-ba766c3d67bb} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eec73ea5-1367-49d1-93f4-ca1d8c22e9f9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljypibt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljypibt -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\rqRlmmKd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJYPIBt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tBIPYJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tBIPYJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\redvfooy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yoofvder.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCvSKd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmKBrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLEUNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\7YFMZLWC\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\2C40ZHXQ\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\2C40ZHXQ\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Cindy\LOCALS~1\Temp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM313e2b3d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcv1cj0er1q.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcv1cj0er1q.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcv1cj0er1q.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
diddy2703
 
There you go: I ran CCleaner, rebooted, ran ComboFix, rebooted, and here is the ComboFix report:

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cindy\ravmonlog
C:\WINDOWS\system32\cgraddtb.ini
C:\WINDOWS\system32\grybjibt.ini
C:\WINDOWS\system32\ioeuqicn.ini
C:\WINDOWS\system32\TDSSerrors.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Legacy_TDSSSERV
-------\Service_mchInjDrv
-------\Service_TDSSserv

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.

2008-10-05 01:49 . 2008-10-05 01:49 <REP> d-------- C:\Program Files\Trend Micro
2008-10-05 00:55 . 2008-10-05 00:55 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\Malwarebytes
2008-10-05 00:54 . 2008-10-05 00:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 00:54 . 2008-10-05 00:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 00:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 00:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 23:02 . 2008-10-04 23:02 <REP> d-------- C:\Lop SD
2008-10-04 22:36 . 2008-10-04 22:36 <REP> d-------- C:\VundoFix Backups
2008-10-04 21:38 . 2008-10-04 21:49 8,192 --a------ C:\WINDOWS\system32\tdssserf1.dll
2008-10-04 21:25 . 2007-11-15 11:52 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2008-10-04 21:25 . 2007-10-15 14:50 720,896 --a------ C:\WINDOWS\system32\MobiProxyPlugin.ax
2008-10-04 21:25 . 2007-11-15 11:52 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-10-04 21:25 . 2007-11-15 11:52 19,968 --a------ C:\WINDOWS\system32\drivers\MobiCap.sys
2008-10-04 21:03 . 2008-10-04 21:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-04 21:03 . 2008-10-04 21:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-04 21:03 . 2008-10-05 11:09 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-10-04 20:58 . 2008-10-04 20:58 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\Leadertech
2008-10-04 20:58 . 2008-07-26 16:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-10-04 20:58 . 2008-07-26 16:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll
2008-10-04 20:45 . 2008-10-04 20:45 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-04 20:45 . 2008-10-04 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-10-04 20:38 . 2007-10-12 02:57 195,096 --------- C:\WINDOWS\system32\lvci1150.dll
2008-10-04 16:25 . 2008-07-26 16:26 4,658,584 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-10-04 16:25 . 2003-02-21 13:42 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2008-10-04 16:25 . 2007-02-03 19:29 129,824 -ra------ C:\WINDOWS\system32\lvci1051.dll
2008-10-04 16:25 . 2008-07-26 16:24 95,384 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-10-04 16:25 . 2008-07-26 15:46 25,974 --a------ C:\WINDOWS\system32\Repository.reg
2008-10-04 16:25 . 2008-04-14 04:34 20,992 --------- C:\WINDOWS\system32\dshowext.ax
2008-10-04 16:25 . 2008-04-14 04:34 20,992 --a------ C:\WINDOWS\system32\dllcache\dshowext.ax
2008-10-04 16:25 . 2008-10-05 11:09 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-04 16:23 . 2008-07-26 16:26 23,832 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-10-04 16:20 . 2008-10-04 16:20 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-10-04 16:15 . 2008-10-04 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-04 16:14 . 2008-10-04 16:15 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-24 22:38 . 2008-09-24 22:38 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\Yahoo!
2008-09-11 20:26 . 2008-09-11 20:26 <REP> d-------- C:\Program Files\Logitech
2008-09-11 20:25 . 2004-01-21 03:14 5,915 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-09-11 20:24 . 2008-09-11 20:24 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-11 19:49 . 2008-07-26 16:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-11 19:49 . 2008-07-26 16:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-11 19:49 . 2008-07-26 16:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-11 19:49 . 2004-01-21 03:14 271,360 --a------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2008-09-11 19:49 . 2004-01-21 03:24 135,214 -ra------ C:\WINDOWS\system32\LVComS.exe
2008-09-11 19:49 . 2004-01-21 03:24 57,344 -ra------ C:\WINDOWS\system32\LVComC.dll
2008-09-11 19:49 . 2008-07-26 16:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-10 20:25 . 2008-09-10 20:25 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\skypePM
2008-09-10 20:25 . 2008-09-10 20:25 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-10 20:24 . 2008-09-10 20:24 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-09-10 19:43 . 2008-09-10 19:43 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-09-10 19:43 . 2004-10-08 13:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-09-10 19:43 . 2004-10-08 13:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2008-09-10 19:43 . 2004-01-21 03:28 86,016 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-09-10 19:43 . 2008-07-26 15:42 66,482 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-10 19:43 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-09-10 19:42 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-09-10 19:42 . 2008-09-11 20:24 520 --a------ C:\WINDOWS\_delis32.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 21:17 90,112 ----a-w C:\WINDOWS\DUMP4630.tmp
2008-10-01 14:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-08 22:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 23:12 78,464 ----a-w C:\Documents and Settings\Cindy\Application Data\GDIPFONTCACHEV1.DAT
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2004-01-31 18:54 331,776 ----a-w C:\WINDOWS\inf\pdfinst2.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-04-21 11:24 229,648 --sha-w C:\WINDOWS\system32\eLSYxGgh.ini2
2008-04-23 09:14 222,923 --sha-w C:\WINDOWS\system32\pWaIOXbc.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2004-09-03 495616]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-09-04 28738]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-03 113664]
Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 24633]
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-04 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-03-19 00:39 184320 C:\Program Files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Free Download Manager\\FDM.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17182:TCP"= 17182:TCP:NortonAV
"12116:TCP"= 12116:TCP:NortonAV
"14414:TCP"= 14414:TCP:NortonAV
"14766:TCP"= 14766:TCP:BitComet 14766 TCP
"14766:UDP"= 14766:UDP:BitComet 14766 UDP

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2007-01-11 11008]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 10594]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-09-08 159872]
R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 APL531;Hercules Blog Webcam;C:\WINDOWS\system32\Drivers\BLvid.sys [ ]
S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [ ]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 U2SG54HP;BUFFALO WLI-U2-SG54HP Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\u2sg54hp.sys [2006-09-07 347776]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5b0116-4a07-11dd-b62b-00023f0ac84f}]
\Shell\AutoRun\command - F:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94af2d65-7afe-11dc-a3ed-00023f0ac84f}]
\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'

2008-10-03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-03 18:58]

2008-06-28 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2006-06-20 00:35]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1DE7B76F-CC67-439C-997F-F1D7315A1120} - (no file)
BHO-{3DA02DDC-379B-40AF-8F9B-9CDDFDE1CABD} - (no file)
BHO-{43AC4700-7860-4A5D-8AB3-A26555F1DC59} - (no file)
BHO-{96C9F28E-6C4E-48A7-9329-CCB57C34E53F} - (no file)
BHO-{eaf5e575-d444-4daf-9a19-e7ecdfa5f093} - (no file)
BHO-{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)
BHO-{FEC8CCC8-3C99-44B4-BBE0-891CECD0150A} - (no file)
HKU-Default-RunOnce-IETI - C:\Program Files\Skype\Phone\IEPlugin\unins000.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-FlashGet - C:\Program Files\FlashGet\FlashGet.exe
MSConfigStartUp-HerculesCamService - C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
MSConfigStartUp-SuperCopier - C:\Program Files\SuperCopier\SuperCopier.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\yxs95m45.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 11:10:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Cindy\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BIN\BTWDINS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVMVFM\LVPRCSRV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 11:13:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 10:13:16

Avant-CF: 7 056 310 272 octets libres
Après-CF: 6,956,335,104 octets libres

268 --- E O F --- 2008-09-10 19:47:49

Oh yes, I should point out that one of the current "problems" with my computer is a black screen while it loads. (When my Windows desktop appears and the icons start loading, I get a black screen for 2 to 3 seconds, then everything goes back to normal.)
diddy2703
 
Here is the ComboFix report:
ComboFix 08-10-04.07 - Cindy 2008-10-05 16:36:20.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.231 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Cindy\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Cindy\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
C:\DOCUME~1\Cindy\LOCALS~1\Temp\mc22.tmp
C:\WINDOWS\system32\eLSYxGgh.ini2
C:\WINDOWS\system32\pWaIOXbc.ini2
C:\WINDOWS\system32\tdssserf1.dll
F:\setup.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\eLSYxGgh.ini2
C:\WINDOWS\system32\pWaIOXbc.ini2
C:\WINDOWS\system32\tdssserf1.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.

2008-10-05 15:46 . 2008-10-05 15:46 1,514,756 --a------ C:\skype nzh.wav.WAV
2008-10-05 01:49 . 2008-10-05 01:49 <REP> d-------- C:\Program Files\Trend Micro
2008-10-05 00:55 . 2008-10-05 00:55 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\Malwarebytes
2008-10-05 00:54 . 2008-10-05 00:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 00:54 . 2008-10-05 00:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 00:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 00:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 23:02 . 2008-10-04 23:02 <REP> d-------- C:\Lop SD
2008-10-04 22:36 . 2008-10-04 22:36 <REP> d-------- C:\VundoFix Backups
2008-10-04 21:25 . 2007-11-15 11:52 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2008-10-04 21:25 . 2007-10-15 14:50 720,896 --a------ C:\WINDOWS\system32\MobiProxyPlugin.ax
2008-10-04 21:25 . 2007-11-15 11:52 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-10-04 21:25 . 2007-11-15 11:52 19,968 --a------ C:\WINDOWS\system32\drivers\MobiCap.sys
2008-10-04 21:03 . 2008-10-04 21:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-04 21:03 . 2008-10-04 21:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-04 21:03 . 2008-10-05 16:42 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-10-04 20:58 . 2008-10-04 20:58 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\Leadertech
2008-10-04 20:58 . 2008-07-26 16:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-10-04 20:58 . 2008-07-26 16:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll
2008-10-04 20:45 . 2008-10-04 20:45 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-04 20:45 . 2008-10-04 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-10-04 20:38 . 2007-10-12 02:57 195,096 --------- C:\WINDOWS\system32\lvci1150.dll
2008-10-04 16:25 . 2008-07-26 16:26 4,658,584 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-10-04 16:25 . 2003-02-21 13:42 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2008-10-04 16:25 . 2007-02-03 19:29 129,824 -ra------ C:\WINDOWS\system32\lvci1051.dll
2008-10-04 16:25 . 2008-07-26 16:24 95,384 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-10-04 16:25 . 2008-07-26 15:46 25,974 --a------ C:\WINDOWS\system32\Repository.reg
2008-10-04 16:25 . 2008-04-14 04:34 20,992 --------- C:\WINDOWS\system32\dshowext.ax
2008-10-04 16:25 . 2008-04-14 04:34 20,992 --a------ C:\WINDOWS\system32\dllcache\dshowext.ax
2008-10-04 16:25 . 2008-10-05 16:42 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-04 16:23 . 2008-07-26 16:26 23,832 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-10-04 16:20 . 2008-10-04 16:20 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-10-04 16:15 . 2008-10-04 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-04 16:14 . 2008-10-04 16:15 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-24 22:38 . 2008-09-24 22:38 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\Yahoo!
2008-09-11 20:26 . 2008-09-11 20:26 <REP> d-------- C:\Program Files\Logitech
2008-09-11 20:25 . 2004-01-21 03:14 5,915 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-09-11 20:24 . 2008-09-11 20:24 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-11 19:49 . 2008-07-26 16:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-11 19:49 . 2008-07-26 16:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-11 19:49 . 2008-07-26 16:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-11 19:49 . 2004-01-21 03:14 271,360 --a------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2008-09-11 19:49 . 2004-01-21 03:24 135,214 -ra------ C:\WINDOWS\system32\LVComS.exe
2008-09-11 19:49 . 2004-01-21 03:24 57,344 -ra------ C:\WINDOWS\system32\LVComC.dll
2008-09-11 19:49 . 2008-07-26 16:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-10 20:25 . 2008-09-10 20:25 <REP> d-------- C:\Documents and Settings\Cindy\Application Data\skypePM
2008-09-10 20:25 . 2008-09-10 20:25 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-10 20:24 . 2008-09-10 20:24 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-09-10 19:43 . 2008-09-10 19:43 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-09-10 19:43 . 2004-10-08 13:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-09-10 19:43 . 2004-10-08 13:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2008-09-10 19:43 . 2004-01-21 03:28 86,016 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-09-10 19:43 . 2008-07-26 15:42 66,482 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-10 19:43 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-09-10 19:42 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-09-10 19:42 . 2008-09-11 20:24 520 --a------ C:\WINDOWS\_delis32.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 21:17 90,112 ----a-w C:\WINDOWS\DUMP4630.tmp
2008-10-01 14:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-08 22:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 23:12 78,464 ----a-w C:\Documents and Settings\Cindy\Application Data\GDIPFONTCACHEV1.DAT
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2004-01-31 18:54 331,776 ----a-w C:\WINDOWS\inf\pdfinst2.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-05_11.12.31.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 15:42:12 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2004-09-03 495616]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-09-04 28738]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-03 113664]
Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 24633]
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-04 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.I420"= i420vfw.dll
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-03-19 00:39 184320 C:\Program Files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Free Download Manager\\FDM.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17182:TCP"= 17182:TCP:NortonAV
"12116:TCP"= 12116:TCP:NortonAV
"14414:TCP"= 14414:TCP:NortonAV
"14766:TCP"= 14766:TCP:BitComet 14766 TCP
"14766:UDP"= 14766:UDP:BitComet 14766 UDP

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2007-01-11 11008]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 10594]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-09-08 159872]
R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 APL531;Hercules Blog Webcam;C:\WINDOWS\system32\Drivers\BLvid.sys [ ]
S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [ ]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 U2SG54HP;BUFFALO WLI-U2-SG54HP Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\u2sg54hp.sys [2006-09-07 347776]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'

2008-10-03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-03 18:58]

2008-06-28 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2006-06-20 00:35]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 16:42:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Cindy\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BIN\BTWDINS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVMVFM\LVPRCSRV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 16:46:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 15:46:04
ComboFix2.txt 2008-10-05 10:13:32

Avant-CF: 11 818 647 552 octets libres
Après-CF: 11,820,580,864 octets libres

249 --- E O F --- 2008-09-10 19:47:49

And the HijackThis report done right afterwards:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:35, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://try.starware.com/landing/recipe/intro_01.php?mkt=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.ca-centreloire.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
diddy2703

OK, thanks.
But before doing the procedure 9 times, when doing the first one: C:\WINDOWS\system32\drivers\lvuvc.hs
I don't get an analysis but this:
0 bytes size received / Se ha recibido un archivo vacio

Should I do the other 8 anyway?
diddy2703
 
report for C:\WINDOWS\system32\dllcache\dshowext.ax:
Antivirus Version Last update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Additional information
File size: 20992 bytes
MD5...: 2dc3a2bdf341ba4d2b029aea714cfeef
SHA1..: 9f02682ad9d83c2c7b84bb0e5c3a6fcfacaa74f3
SHA256: 2b73227bf9baf726dd49e97d33d88f5e1be331bbae9975ec770a5c27f65151a9
SHA512: b99cba8707362c11f58dbd78751e9cfd6c51a4a9fa31393fa8bb30444fd6375431b6a42ae6a43d4a982937dcc69aaa40e32cec647cba358cd50065c7fed7410d
PEiD..: -
TrID..: File type identification
DirectShow filter (65.5%)
Win64 Executable Generic (27.8%)
Win32 Executable Generic (2.7%)
Win32 Dynamic Link Library (generic) (2.4%)
Generic Win/DOS Executable (0.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x584a3551
timedatestamp.....: 0x4802c238 (Mon Apr 14 02:32:24 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x37ab 0x3800 6.24 e6e097ae99f8d3643ad2d228584269b9
.data 0x5000 0x3e0 0x400 3.71 933735712b4735b853b5bce147e4bbcc
.rsrc 0x6000 0xb78 0xc00 3.28 89c6bc2b94d731136a9b27ecb1705e9b
.reloc 0x7000 0x592 0x600 4.67 39f46b6477a2722a373527d46ead11f4

( 6 imports )
> MFC42.DLL: -, -
> msvcrt.dll: _terminate@@YAXXZ, _purecall, __1type_info@@UAE@XZ, __CxxFrameHandler, _except_handler3
> KERNEL32.dll: CloseHandle, GetOverlappedResult, DeviceIoControl, GetLastError, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetVersionExW, DisableThreadLibraryCalls, InterlockedIncrement, FreeLibrary, InterlockedDecrement, lstrlenW
> USER32.dll: SendMessageA, SetDlgItemInt, EnableWindow, GetDlgItem, wsprintfA, SetDlgItemTextA, GetWindowLongW, SetWindowLongW, CreateDialogParamW, MoveWindow, InvalidateRect, ShowWindow, DestroyWindow, LoadStringW, GetWindowRect, GetDesktopWindow
> COMCTL32.dll: InitCommonControlsEx
> ole32.dll: CoTaskMemFree, CoTaskMemAlloc

( 2 exports )
DllCanUnloadNow, DllGetClassObject

report for C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe:
Antivirus Version Last update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 Suspicious:W32/Netsnake.n!Gemini
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Additional information
File size: 127034 bytes
MD5...: 21007bd289539a3ca0d0f3653dc11258
SHA1..: 3f748144d07cd7609dae51ae0588f46e994c73c4
SHA256: 072408c4c02de98c6dfcfa83b86f2dfebeadd1a085c371d2d8b78df9c9e670dc
SHA512: 1063aac29899b35575a6f6369033b4855dcfcddfe733b7690042cd7af9d692c5ca62c73f4fbb12707abb4ed8be4215b4b369f5a55a34407309bb815bf51cf90b
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40e536
timedatestamp.....: 0x455910f7 (Tue Nov 14 00:42:31 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe10e 0xf000 6.21 e916f8864e9c7b2fe0b96bef1e5f7e45
.rdata 0x10000 0x3c02 0x4000 5.35 5a9c9f9f9ff15ff15dcdd43eb0033aa1
.data 0x14000 0xb6e8 0x9000 4.90 fa1f2d7ab0d9fd1e4b379009d219da58
.rsrc 0x20000 0x1480 0x2000 3.33 5d1e5c5971a2cfe084c97dd0e154025e

( 8 imports )
> MSVCRT.dll: _except_handler3, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, _chsize, fseek, fwrite, fread, _get_osfhandle, sscanf, _stat, swprintf, memset, strchr, realloc, atoi, fgets, _mbschr, _mbsdec, strncat, malloc, free, _purecall, ctime, fprintf, fflush, ftell, rename, memcpy, _iob, vfprintf, fopen, _unlink, _ftime, _strnicmp, memcmp, strrchr, _setmbcp, _snprintf, _mbslwr, strcpy, strlen, _errno, sprintf, _mbsrchr, __CxxFrameHandler, _mbsicmp, __3@YAXPAX@Z, strcat, strcmp, _rmdir, toupper, _ultoa, strncmp, _findnext, remove, strncpy, strstr, _findclose, __2@YAPAXI@Z, _chmod, _findfirst, _stricmp, fclose
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: ReleaseMutex, GetModuleHandleA, GetFileType, PeekNamedPipe, GetFileTime, GetFileSize, RemoveDirectoryA, LocalFree, OpenMutexA, Sleep, lstrlenW, WideCharToMultiByte, GetTickCount, MultiByteToWideChar, CreateDirectoryA, MoveFileExA, GetWindowsDirectoryA, GetCurrentThread, GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, GetPrivateProfileSectionA, SetLastError, ExpandEnvironmentStringsA, GetEnvironmentVariableA, SetEnvironmentVariableA, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, GetCurrentProcess, OpenProcess, TerminateProcess, GetSystemDirectoryA, WritePrivateProfileStringA, lstrcmpA, GetTempPathA, LoadLibraryExA, GetFileAttributesA, DeleteFileA, CopyFileA, GetLocaleInfoA, SetFileAttributesA, lstrcatA, SleepEx, FindResourceA, LoadResource, SearchPathA, GetShortPathNameA, GetModuleFileNameA, GetStartupInfoA, CreateProcessA, LoadLibraryA, GetProcAddress, FreeLibrary, CloseHandle, CreateMutexA, lstrlenA, GetLastError, lstrcpyA, GetVersionExA, WaitForSingleObject
> USER32.dll: GetClassNameA, SendMessageTimeoutA, FindWindowA, EnumWindows, GetLastActivePopup, IsWindow, PostMessageA, ExitWindowsEx, IsIconic, GetClientRect, DrawIcon, MessageBoxA, SystemParametersInfoA, UpdateWindow, KillTimer, SendMessageA, SetTimer, EnableWindow, LoadIconA, MsgWaitForMultipleObjects, PeekMessageA, GetSystemMetrics, DispatchMessageA, TranslateMessage, LoadStringA
> ADVAPI32.dll: RegEnumKeyA, RegDeleteKeyA, RegFlushKey, GetServiceKeyNameA, OpenSCManagerA, CloseServiceHandle, LookupPrivilegeValueA, AdjustTokenPrivileges, GetUserNameA, RegSetValueExA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, RegDeleteValueA, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> ole32.dll: CoTaskMemFree, CoUninitialize, StringFromCLSID, CLSIDFromProgID, CoInitialize, CoCreateInstance
> OLEAUT32.dll: -, -

( 2 exports )
GetUninstallerPath, RemoveUnusedVersions

report for C:\WINDOWS\system32\drivers\lvrs.sys:
Antivirus Version Last update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Additional information
File size: 627864 bytes
MD5...: b895839b8743e400d7c7dae156f74e7e
SHA1..: 8dce8ac50212617f2381191725ca771bb9329231
SHA256: 52e13c6260f7e6718c782df0b43d838fb4939b314695a7a9cb2012d8b224066b
SHA512: a73973391744fbd134b4fbab41f9719a85b9467ea0eefdae419c4aa98c9eac65c342b824c72597175b8fbbdbc472da6ab944261e16f9ebd94b5807982bcd141a
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa2f85
timedatestamp.....: 0x488b3d2e (Sat Jul 26 15:05:18 2008)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x500 0x75b55 0x75b80 6.73 189b3c306951f22433b1d2aeecfab36c
.rdata 0x76080 0x14730 0x14780 6.71 1c67337213535ba282bd776d33a63b24
.data 0x8a800 0x6954 0x6980 1.78 d3a4cabf2f1ed62324701436fe66f366
_RDATA 0x91180 0x14 0x80 0.83 72cd583c1261e42dde7ec9534dcb0c6d
PAGE 0x91200 0x1d32 0x1d80 6.38 591017d2743faa2337e772b7f9c724b4
INIT 0x92f80 0xcae 0xd00 5.47 7881765ec508ada40be52ac261b2b387
.rsrc 0x93c80 0x9a8 0xa00 3.36 4b485b599659313112c90f6a244fe5f9
.reloc 0x94680 0x33b0 0x3400 5.68 6e2d6c09cb98c7969ec6eb60d698da92

( 3 imports )
> NTOSKRNL.EXE: KeWaitForSingleObject, ExFreePool, ZwClose, IoOpenDeviceRegistryKey, memset, memcpy, KeTickCount, KeBugCheckEx, ZwQueryValueKey, RtlInitUnicodeString, InterlockedExchange, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, DbgBreakPoint, DbgPrint, sprintf, vsprintf, swprintf, ExDeleteNPagedLookasideList, ExDeletePagedLookasideList, ExInitializeNPagedLookasideList, ExInitializePagedLookasideList, KeInitializeSpinLock, ExFreeToPagedLookasideList, KeReleaseMutex, ExAllocatePoolWithTag, ExAllocateFromPagedLookasideList, KeInitializeMutex, IoGetDeviceProperty, wcsncpy, wcsstr, _wcsupr, ZwCreateKey, ZwOpenKey, RtlQueryRegistryValues, ZwSetValueKey, ZwEnumerateValueKey, IofCompleteRequest, IoDeleteDevice, InterlockedDecrement, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoGetDeviceObjectPointer, ObReferenceObjectByHandle, KeResetEvent, PsCreateSystemThread, ObfDereferenceObject, IoIsWdmVersionAvailable, KeSetEvent, IoDetachDevice, IoAttachDeviceToDeviceStack, IoCreateDevice, IoFreeWorkItem, RtlFreeUnicodeString, IoGetDeviceInterfaceAlias, IoQueueWorkItem, IoAllocateWorkItem, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, IoRegisterPlugPlayNotification, KeClearEvent, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmProbeAndLockPages, IoAllocateMdl, RtlStringFromGUID, PsTerminateSystemThread, KeWaitForMultipleObjects, _wcsnicmp, RtlCompareUnicodeString, KeDelayExecutionThread, IoAllocateDriverObjectExtension, IoGetDriverObjectExtension, PoCallDriver, PoStartNextPowerIrp, IoUnregisterPlugPlayNotification, IoBuildDeviceIoControlRequest, RtlCompareMemory, KeSetPriorityThread, KeGetCurrentThread, _purecall, IofCallDriver, KeSaveFloatingPointState, KeRestoreFloatingPointState, wcslen, _wcslwr, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlUnwind, InterlockedIncrement, memmove, IoGetAttachedDeviceReference
> HAL.DLL: KeGetCurrentIrql, KeQueryPerformanceCounter, KfAcquireSpinLock, KfReleaseSpinLock
> ntoskrnl.exe: ObOpenObjectByPointer, IoDeviceObjectType, RtlGetDaclSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, _snwprintf, RtlLengthSecurityDescriptor, ExFreePoolWithTag, SeCaptureSecurityDescriptor, SeExports, RtlAddAccessAllowedAce, RtlLengthSid, wcschr, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ZwSetSecurityObject, MmGetSystemRoutineAddress, RtlRaiseException

( 0 exports )

report for C:\WINDOWS\system32\lvci11801048.dll:
Antivirus Version Last update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Additional information
File size: 195096 bytes
MD5...: 7e93439412b0db7d76ebf488b4f8c6d5
SHA1..: 322fd18e0fbbd319aa36b56d38eabb3727cc9af7
SHA256: 32f384cb6110549ac054aa60eb871435386af9f8af15f89f46ea875104d2e0c9
SHA512: f7f8741c06e9f4dfb1f28154fbbefbd5f47bdc33106d4e54fbc87abb7045c5b5086bde46f27b0f795a45565dfe51dc58f8f9f1aacea240b3526217a24acefc94
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10009a6c
timedatestamp.....: 0x488b3c15 (Sat Jul 26 15:00:37 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x211ba 0x22000 6.60 773b30c1f1829b15bce1cda314872cd4
.rdata 0x23000 0x53e7 0x6000 5.24 43b4734781662ccc2ad54e7b76987c53
.data 0x29000 0x2d8c 0x2000 1.58 68a48b3c0ce555cb4543d41b9b4abf35
.rsrc 0x2c000 0xa04 0x1000 4.15 2496c4589720454cafee8c04bc774282
.reloc 0x2d000 0x175a 0x2000 5.56 72e9279a1081dc856a7562478759f0e2

( 8 imports )
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
> SETUPAPI.dll: SetupDiOpenDevRegKey, SetupDiGetDriverInfoDetailA, SetupDiGetSelectedDriverA, SetupCloseInfFile, SetupGetLineTextA, SetupOpenInfFileA, SetupDiGetDeviceRegistryPropertyA, SetupDiGetDeviceInstallParamsA, SetupDiSetDeviceInstallParamsA, SetupDiOpenClassRegKey
> SHLWAPI.dll: SHDeleteValueA
> KERNEL32.dll: FreeLibrary, SetConsoleCtrlHandler, GetConsoleMode, CreateMutexA, CloseHandle, ReleaseMutex, WaitForMultipleObjectsEx, GetLastError, GetFileAttributesA, GetSystemDirectoryA, GetPrivateProfileStringA, GetVersionExA, CreateProcessA, GlobalFree, GetFullPathNameA, GlobalAlloc, FormatMessageA, WaitForMultipleObjects, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, SetErrorMode, GetProcAddress, LoadLibraryA, GetPrivateProfileSectionA, GetWindowsDirectoryA, GetVersion, lstrcmpiA, FindClose, FindNextFileA, FindFirstFileA, MoveFileA, DeleteFileA, CopyFileA, GetConsoleCP, IsValidLocale, SetStdHandle, FlushFileBuffers, CreateFileA, GetTimeZoneInformation, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, HeapSize, GetLocaleInfoW, SetEndOfFile, CompareStringA, CompareStringW, GetLocalTime, GetCommandLineA, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, GetStringTypeW, GetStringTypeA, InitializeCriticalSection, HeapAlloc, HeapFree, GetCurrentThreadId, SetEnvironmentVariableA, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, FatalAppExitA, VirtualFree, VirtualAlloc, HeapReAlloc, HeapDestroy, HeapCreate, ExitProcess, WriteFile, GetModuleFileNameA, RtlUnwind, SetFilePointer, ReadFile, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime
> USER32.dll: CharLowerA
> ADVAPI32.dll: RegEnumValueA, RegDeleteKeyA, RegCreateKeyExA, RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegDeleteValueA, RegCloseKey, RegSetValueExA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, RegOpenKeyA
> SHELL32.dll: SHGetSpecialFolderPathA, ShellExecuteExA, SHFileOperationA
> ole32.dll: CoFreeLibrary, CoInitialize, CoUninitialize

( 2 exports )
LvCoInstaller, SetupEntryPoint

report for C:\WINDOWS\system32\mfc71d.dll:
Antivirus Version Last update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Additional information
File size: 2179072 bytes
MD5...: 2ada914bdd813631aab2882d51d7a24a
SHA1..: 927c54353e88accc04f5082e0f0e4f4b3e475dbb
SHA256: caf9cfd3d98dc0f1ba7d1093d515732f7b88584011b5b37839217c43dd7c2b30
SHA512: a01c195e6c11c0d4fd61db9c9aa86761770bfe7da66e1fd6cb0955341ba92ffa18f407e0131085d49420337b437469883e153634eb346ebdb3c31191a45548db
PEiD..: InstallShield 2000
TrID..: File type identification
Windows OCX File (90.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7c1f8120
timedatestamp.....: 0x3e77f1f4 (Wed Mar 19 04:28:36 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e1d27 0x1e2000 6.26 7a08a204e45ee2ec18d12b85b4898e57
.data 0x1e3000 0x9ff4 0x7000 5.12 5ab7f845986082e9c962a586c332cbd9
.rsrc 0x1ed000 0xb478 0xc000 3.42 acb7f45c8690d13cfbaace2077a5a3f6
.reloc 0x1f9000 0x1da94 0x1e000 6.29 207e8c4b5f3ef584f82158baabf30eac

( 5 imports )
> MSVCR71D.dll: __CppXcptFilter, _adjust_fdiv, _initterm, _onexit, __dllonexit, _terminate@@YAXXZ, __security_error_handler, __1type_info@@UAE@XZ, _itoa, wcsncpy, _ltoa, _ultoa, _ismbcdigit, swprintf, labs, _mbsnbcmp, _mbsnbicmp, _splitpath, _fullpath, atol, __p___argc, __p___argv, _beginthreadex, __CxxFrameHandler, _endthreadex, _mbsdec, _strdup, _expand, atoi, strtod, strtol, strtoul, sscanf, abs, _mbctype, calloc, _msize, _ctime64, realloc, fclose, fflush, fseek, ftell, fgets, fputs, fwrite, fread, clearerr, _open_osfhandle, _fdopen, __doserrno, _get_osfhandle, abort, _CrtDoForAllClientObjects, _CrtMemDumpAllObjectsSince, _CrtMemCheckpoint, _CrtMemDumpStatistics, _CrtMemDifference, _CrtIsMemoryBlock, _CrtCheckMemory, _CrtSetBreakAlloc, _CrtSetAllocHook, _malloc_dbg, _free_dbg, _vsnprintf, _CrtDumpMemoryLeaks, _CrtSetDbgFlag, _CrtSetDumpClient, _CrtSetReportHook, _CrtSetReportMode, _CrtReportBlockType, _snprintf, memcmp, _gcvt, sprintf, _CxxThrowException, _purecall, memset, vsprintf, _vscprintf, _mbsrev, _mbslwr, _mbsupr, _mbscspn, _mbsspn, _mbspbrk, _mbsrchr, _mbschr, _mbsstr, _mbsicoll, _mbscoll, _mbsicmp, _mbscmp, _ismbcspace, _mbsinc, vswprintf, _vscwprintf, iswspace, _wcsrev, _wcslwr, _wcsupr, wcsrchr, wcspbrk, wcschr, wcscspn, wcsspn, wcsstr, _wcsicoll, wcscoll, _wcsicmp, wcscmp, wcslen, strlen, memmove, memcpy, free, malloc, wcscpy, _except_handler3, _resetstkoflw, _CrtDbgReport, floor, ceil, _localtime64, _gmtime64, _mktime64, _time64, _snwprintf, _vsnwprintf, strcpy, strcmp
> KERNEL32.dll: InitializeCriticalSection, TlsAlloc, GlobalHandle, TlsFree, LeaveCriticalSection, EnterCriticalSection, TlsSetValue, LocalReAlloc, TlsGetValue, WaitForSingleObject, SetEvent, PulseEvent, ResetEvent, CreateSemaphoreA, ReleaseSemaphore, CreateMutexA, ReleaseMutex, CreateEventA, WaitForMultipleObjects, GetModuleHandleA, lstrcmpW, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, GetCurrentThreadId, lstrcatA, FreeResource, FreeLibrary, MulDiv, GetProfileIntA, VirtualProtect, GlobalFlags, GetTempFileNameA, GetDiskFreeSpaceA, LocalUnlock, LocalLock, GetTempPathA, SearchPathA, EnumResourceLanguagesA, ConvertDefaultLocale, GetCurrentThread, SetErrorMode, GetPrivateProfileIntA, GetPrivateProfileStringA, WritePrivateProfileStringA, GetCurrentDirectoryA, InterlockedIncrement, FindNextFileA, GetTickCount, FileTimeToSystemTime, CopyFileA, lstrcpynW, GetUserDefaultLCID, IsDBCSLeadByte, lstrcpyW, GetSystemTime, ExitProcess, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LocalAlloc, InterlockedDecrement, GetOEMCP, GetCPInfo, SetFileAttributesA, SetFileTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetFileTime, GetFileAttributesA, GlobalFree, GlobalUnlock, GlobalReAlloc, GlobalAlloc, GlobalLock, GlobalSize, GetModuleFileNameA, GetShortPathNameA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, lstrcpyA, LoadLibraryA, DeleteFileA, MoveFileA, GetFileSize, SetEndOfFile, UnlockFile, LockFile, CloseHandle, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, SuspendThread, ResumeThread, GetThreadPriority, SetThreadPriority, lstrcmpA, lstrcpynA, SetLastError, RaiseException, DeleteCriticalSection, LocalFree, FormatMessageA, GetLastError, FindResourceExA, LoadResource, LockResource, SizeofResource, FindResourceA, IsBadStringPtrA, IsBadReadPtr, IsBadWritePtr, lstrlenA, lstrcmpiA, lstrcmpiW, GetStringTypeExA, GetStringTypeExW, WideCharToMultiByte, 
lstrlenW, CompareStringA, CompareStringW, GetEnvironmentVariableA, MultiByteToWideChar, GetVersion, GetEnvironmentVariableW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetVersionExA, GetModuleFileNameW, OpenFileMappingA, CreateFileMappingA, MapViewOfFile, GetSystemInfo, UnmapViewOfFile, VirtualAlloc, FileTimeToLocalFileTime, OutputDebugStringW, OutputDebugStringA, GetProcAddress, OpenEventA

0 exports

report for C:\WINDOWS\system32\MobiProxyPlugin.ax
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Information additionnelle
File size: 720896 bytes
MD5...: f88445fc6d5d1046a62be4f34a4b88ec
SHA1..: 423db83ae285c6265990a4ef17dc334c94e3cb10
SHA256: 6d4a4abd1e4fa1638ab6c881edb066be6888e227b3839567a0fde641ec60bb47
SHA512: d23a2f705acb88750c62b994361f9673b2541345bd28a6eed1830989f001941a
29edac51b3f7059829aa8233d75977e12e0dddddd100cbe0bbd7c6a4e1353974
PEiD..: -
TrID..: File type identification
DirectShow filter (98.0%)
Generic Win/DOS Executable (0.9%)
DOS Executable Generic (0.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10002731
timedatestamp.....: 0x46e4e4df (Mon Sep 10 06:31:59 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1868 0x2000 5.25 d3b6e588ae81cc37e9c9d7fa12e47762
.rdata 0x3000 0x9fe 0x1000 3.57 5ff8fd80876461d364c5cca0d8828822
.data 0x4000 0xcc 0x1000 0.03 1061cfffddaa095daeccf62d123b87f7
.rsrc 0x5000 0xa9340 0xaa000 4.33 1ba77b9f69417ce65059a1894cbfe81e
.reloc 0xaf000 0x8a2 0x1000 1.23 ede669babf87f54cd824486598dd8d47

( 7 imports )
> KERNEL32.dll: CloseHandle, GetVersionExA, LoadLibraryA, InterlockedDecrement, FreeLibrary, InterlockedIncrement, GetModuleFileNameA, GetModuleHandleA, GetLastError, lstrlenA, MultiByteToWideChar, DisableThreadLibraryCalls
> USER32.dll: wsprintfA, LoadBitmapA
> GDI32.dll: CreateCompatibleDC, GetObjectA, CreateDIBSection, StretchBlt, DeleteObject, DeleteDC, SelectObject
> ADVAPI32.dll: RegSetValueExA, RegEnumKeyExA, RegOpenKeyExA, RegCreateKeyA, RegSetValueA, RegDeleteKeyW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyA
> ole32.dll: StringFromGUID2, CoUninitialize, CoFreeUnusedLibraries, CoCreateInstance, CoInitialize
> MSVCR71.dll: __3@YAXPAX@Z, wcscpy, wcslen, wcsncat, __2@YAPAXI@Z
> ksproxy.ax: KsSynchronousDeviceControl

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

report for C:\WINDOWS\system32\msvcr71d.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Information additionnelle
File size: 544768 bytes
MD5...: 40d72771ded1a9b92110a20e65cd15e9
SHA1..: 68fb2078475fe7f1cad47fe78091d4209c52fcc0
SHA256: cd20e6ccf6ce1d7f968dbf24040c365f53e7b5e868dbb0df5009698b2aa8963a
SHA512: 2d9e00ab19628e13149677f32003db64eec56104b27c6866cc250c9e17c10cbe
eacbbc25929582c491da7f5298e1f8fde311e28e2c196097d28e16f0142c687d
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (46.2%)
Win32 EXE PECompact compressed (generic) (22.4%)
Win32 Executable MS Visual C++ (generic) (20.3%)
Win32 Executable Generic (4.6%)
Win32 Dynamic Link Library (generic) (4.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10202130
timedatestamp.....: 0x3e77de16 (Wed Mar 19 03:03:50 2003)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x65182 0x66000 6.35 4354c4320bac05d664d8bbd026e476a1
.rdata 0x67000 0x1259e 0x13000 6.12 279b10769851747bb7bce0596132fbbb
.data 0x7a000 0x6948 0x5000 2.90 b810a73a2e5f2dfac6f591efa163ce54
.rsrc 0x81000 0x3c0 0x1000 1.03 a8ea7c6a0ae1a61a34259e87e9bf978b
.reloc 0x82000 0x4ca2 0x5000 6.39 3665fb63eb3e399caeefe00f336a7bb1

( 1 imports )

( 879 exports )

report for C:\WINDOWS\system32\drivers\MobiCap.sys
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Information additionnelle
File size: 19968 bytes
MD5...: 69562ddfe50f8318b451719ca6c43e0e
SHA1..: 011d400d65959236b7276683cfac6161a413ba10
SHA256: 7c98b03d0040439f1c0d72d230f5d674f29ab82474a6dce9fc687819b2c41921
SHA512: f0983b95ce7baf280ac0441f532bef592830192e610fd731a263cca92e73e3a9
bf7eb6bea69392f31287da63a44d8aca0a03c5d0d1a1c6df9ce28c166fbaf3cf
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (25.4%)
Clipper DOS Executable (24.8%)
Generic Win/DOS Executable (24.6%)
DOS Executable Generic (24.6%)
VXD Driver (0.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14485
timedatestamp.....: 0x46e1150e (Fri Sep 07 09:08:30 2007)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x2d14 0x2d80 6.41 2290b8e69c0238819c6d89af5dc2555e
.rdata 0x3200 0x5b0 0x600 2.73 e902b50f0bbf54a01870feb8e08f7ef9
.data 0x3800 0xad8 0xb00 3.08 2abbac4e611e2c0064f92eb24ef5c898
PAGECONS 0x4300 0x170 0x180 5.76 0d55d193dd195ac2843ec2c4a5935940
INIT 0x4480 0x2f0 0x300 5.07 2417f309a120c69b20e079115a7d418d
.rsrc 0x4780 0x3e8 0x400 3.40 b27d2d3715d012938fdecca5c978e7d0
.reloc 0x4b80 0x230 0x280 5.46 4d76c45dbedfa8a8ffd39074c4b36ac5

( 3 imports )
> HAL.DLL: KeGetCurrentIrql, KfAcquireSpinLock, KfReleaseSpinLock
> NTOSKRNL.EXE: KeInitializeSpinLock, KeRestoreFloatingPointState, KeSaveFloatingPointState, KeTickCount, ExAllocatePoolWithTag, RtlCompareMemory, ExFreePool
> STREAM.SYS: StreamClassDeviceNotification, StreamClassGetDmaBuffer, StreamClassRegisterAdapter, StreamClassStreamNotification, StreamClassQueryMasterClockSync, StreamClassScheduleTimer, StreamClassRegisterFilterWithNoKSPins, StreamClassGetPhysicalAddress

( 0 exports )

There, I'm done; only the first one doesn't work (I even went and fetched it directly from the folder instead of copying the name, but that changed nothing).
0
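A responder reading the pasted reports above wants three things quickly: how many engines flagged each file, the hashes to confirm that the file on disk is the one VirusTotal actually scanned, and whether any PE section shows the high entropy typical of packed or encrypted code. The parser below, for this plain-text report layout, is an added example and not part of the thread or of VirusTotal's own tooling; the sample report is constructed (its .text and .rdata rows come from the MobiCap.sys report, while the "Example-AV" vendor, its detection name and the "PACKED" row are made up).

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the reports pasted above. The .text and
# .rdata rows are copied from the MobiCap.sys report; the "Example-AV" row, its
# detection name and the high-entropy "PACKED" row are made up for the demo.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.03 -
Kaspersky 7.0.0.125 2008.10.05 -
Example-AV 1.0 2008.10.05 Constructed.Detection.Name
Information additionnelle
File size: 19968 bytes
MD5...: 69562ddfe50f8318b451719ca6c43e0e
SHA1..: 011d400d65959236b7276683cfac6161a413ba10
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x2d14 0x2d80 6.41 2290b8e69c0238819c6d89af5dc2555e
.rdata 0x3200 0x5b0 0x600 2.73 e902b50f0bbf54a01870feb8e08f7ef9
PACKED 0x4300 0x170 0x180 7.52 0d55d193dd195ac2843ec2c4a5935940
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)$")
# Section row: name, viradd, virsiz, rawdsiz (hex), ntrpy (decimal), md5.
SECTION_RE = re.compile(
    r"^(\S+)\s+0x[0-9a-f]+\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(\d+\.\d+)\s+[0-9a-f]{32}$"
)


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    entropy: float


@dataclass
class VtReport:
    detections: dict = field(default_factory=dict)  # vendor -> detection name
    clean_vendors: int = 0
    hashes: dict = field(default_factory=dict)      # "MD5"/"SHA1"/"SHA256" -> hex digest
    sections: list = field(default_factory=list)


def parse_vt_report(text: str) -> VtReport:
    """The vendor table runs from the 'Antivirus ...' header to the
    'Information additionnelle' header; hashes and sections follow it."""
    report = VtReport()
    in_av_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Antivirus "):
            in_av_table = True
            continue
        if line.startswith("Information additionnelle"):
            in_av_table = False
            continue
        if in_av_table:
            parts = line.split()  # vendor, version, signature date, result
            if len(parts) < 4:
                continue
            vendor, result = parts[0], " ".join(parts[3:])
            if result == "-":
                report.clean_vendors += 1
            else:
                report.detections[vendor] = result
            continue
        m = HASH_RE.match(line)
        if m:
            report.hashes[m.group(1)] = m.group(2).lower()
            continue
        m = SECTION_RE.match(line)
        if m:
            report.sections.append(Section(
                m.group(1), int(m.group(2), 16), int(m.group(3), 16), float(m.group(4))))
    return report


def detection_ratio(report: VtReport) -> tuple:
    """(engines that flagged the file, engines that scanned it)."""
    hits = len(report.detections)
    return hits, hits + report.clean_vendors


def suspicious_sections(report: VtReport, threshold: float = 7.0) -> list:
    """Sections whose entropy is at or above the threshold: a hint of packing or
    encryption, not proof. The .text rows in this thread sit well below it."""
    return [s.name for s in report.sections if s.entropy >= threshold]


def matches_report(data: bytes, report: VtReport) -> bool:
    """True when every hash in the report matches the local bytes, i.e. the
    file on disk is the one VirusTotal actually scanned."""
    algos = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA256": hashlib.sha256}
    return bool(report.hashes) and all(
        algos[name](data).hexdigest() == digest
        for name, digest in report.hashes.items() if name in algos)
```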
diddy2703
 
OTMoveIt report:
C:\WINDOWS\system32\drivers\lvuvc.hs moved successfully.
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10052008_182826

GenProc report:
GenProc 2.114 [1] 05/10/2008 - Windows XP : Aucune infection caractéristique trouvée .
0
sherred (8605 posts, status: Member) 351
 
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press key 1 (Yes) to start the scan.
Once it is finished, a report will appear. Copy/paste this report in your next reply.
The report can also be found here: C:\Combofix.txt

Disconnect from the internet, close the windows of all running programs, and temporarily
stop the antivirus and other protections during the analysis.
Do not use your PC while the analysis is running.

Once the analysis is finished, turn all your antivirus and antispyware protections back on.
-1
sKe69 (21955 posts, status: Security contributor) 463
 
Hi,

Following along ....^^

We would like to see the Malwarebytes report (in the "report/log" tab of Malwarebytes, the most recent one).

Thanks ... ;)
-1
sKe69 (21955 posts, status: Security contributor) 463
 
Good ...

In order:

1- Delete everything in the Malwarebytes quarantine.

2- Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This program will remove all temporary files and fix your registry. During installation, before clicking the "install" button, untick all the "additional options" except the first 2.
Once the program is installed and launched, click "Options", "Advanced" and untick the box "Only delete files in the Windows Temp folder older than 48 hours" (afterwards, leave it with its default settings. That's all).

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! Disconnect and close all running applications !
* go to "Cleaner": run Analyze then Clean
* go to "Registry": run Scan for Issues then Fix (several times, until there are no more errors).

(CCleaner: a tool to keep on your PC, very useful for thorough cleanups ...)

3- Restart your PC! (so that Malwarebytes finishes the job ...)

4- Do exactly what follows:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close your running applications and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guards, firewall) for the duration of the procedure:
when active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... You will re-enable them afterwards!!
---> Important: if you run into difficulties at this stage, tell me before continuing ...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click the "combofix.exe" icon to launch the tool.

Press the Y (Yes) key to start the scan.

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
-> The PC may restart on its own (to finalize the cleaning); let it do so.
-> If the tool tells you: "combofix has detected the presence of rootkit and needs to restart your machine", accept ...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise no report ...)

The report will be created in: C:\Combofix.txt

Post the ComboFix report for analysis and wait for the next step ...
-1
sKe69 (21955 posts, status: Security contributor) 463
 
Next:

1- Create a text document on your desktop:
point your mouse at your desktop, right-click: go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you have just created:

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5b0116-4a07-11dd-b62b-00023f0ac84f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94af2d65-7afe-11dc-a3ed-00023f0ac84f}]

File::
C:\DOCUME~1\Cindy\LOCALS~1\Temp\mc22.tmp
C:\WINDOWS\system32\eLSYxGgh.ini2
C:\WINDOWS\system32\pWaIOXbc.ini2
C:\WINDOWS\system32\tdssserf1.dll
F:\setup.exe

Driver::
mchInjDrv


Then go to "File", choose "Save as ..." and name it exactly like this:
CFScript then confirm ...

2- Cleaning:

!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort": type 1 then confirm.

Then wait while the scan runs. (The Desktop will disappear several times: that's normal!)

!! Do not touch anything until the scan is finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.

Once the scan is complete, a report will appear: post it along with a new HijackThis report for analysis ...

(Warning: this procedure was made for this PC. Any reuse may severely damage the operating system)
-1
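As an added example (not the helper's own code nor anything from ComboFix), a small Python parser that turns a CFScript like the one in the post above into a list of planned actions, so the script can be reviewed before it is dragged onto ComboFix. The section semantics (Registry:: in .reg syntax, File:: deletes files, Driver:: removes the named service) and the Services-key cross-check are my assumed reading of the format.

```python
# Added example (not from the post): list what a ComboFix CFScript would do, for review before it runs.
import re
from dataclasses import dataclass, field
# Constructed sample: the post's script trimmed to one entry of each kind.
SAMPLE = r"""Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5b0116-4a07-11dd-b62b-00023f0ac84f}]
File::
C:\WINDOWS\system32\tdssserf1.dll
F:\setup.exe
Driver::
mchInjDrv
"""

@dataclass
class Plan:
    delete_keys: list = field(default_factory=list)     # [-KEY]: whole key removed
    delete_values: list = field(default_factory=list)   # (key, name) for "name"=-
    delete_files: list = field(default_factory=list)    # File:: entries
    remove_drivers: list = field(default_factory=list)  # Driver:: service names
    unknown: list = field(default_factory=list)         # lines not understood (review these!)

def parse_cfscript(text: str) -> Plan:
    # Assumed reading of the format (only the delete forms are handled here).
    plan, section, key = Plan(), None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):                  # section header such as "File::"
            section, key = line[:-2], None
        elif section == "Registry" and line.startswith("[-") and line.endswith("]"):
            plan.delete_keys.append(line[2:-1])
        elif section == "Registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                     # following values apply to this key
        elif section == "Registry" and key and (m := re.fullmatch(r'"([^"]+)"=-', line)):
            plan.delete_values.append((key, m.group(1)))
        elif section == "File":
            plan.delete_files.append(line)
        elif section == "Driver":
            plan.remove_drivers.append(line)
        else:
            plan.unknown.append(line)
    return plan

def services_touched(plan: Plan) -> list:
    """Driver:: names whose Services registry key the script also edits (consistency check)."""
    keys = plan.delete_keys + [k for k, _ in plan.delete_values]
    return sorted(d for d in plan.remove_drivers
                  if any(k.lower().endswith("\\services\\" + d.lower()) for k in keys))
```

Anything that lands in `unknown` (for example a `"name"=-` line with no key above it) is a typo or an unsupported line and should be looked at before the script is used.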
sKe69 Posts 21955 Status Security contributor 463

Good ... In order:

1- run CCleaner again (registry included).

2- Get access to hidden files:

Go to Start Menu->My Computer->Tools->Folder Options...->View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
(you will restore the original settings once the disinfection is finished, not before ...)

3- Go to this site:

https://www.virustotal.com/gui/

Copy the following and paste it into the search box:
C:\WINDOWS\system32\drivers\lvuvc.hs

Click Send File.

A report will build up line by line.

Wait until it is finished ... It must include the size of the file sent.

Save the report with Notepad.

Copy it into your next reply ...

(If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button)

Do the same for:
C:\WINDOWS\system32\dllcache\dshowext.ax
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\system32\drivers\lvrs.sys
C:\WINDOWS\system32\lvci11801048.dll
C:\WINDOWS\system32\mfc71d.dll
C:\WINDOWS\system32\MobiProxyPlugin.ax
C:\WINDOWS\system32\msvcr71d.dll
C:\WINDOWS\system32\drivers\MobiCap.sys

post me those 9 reports (especially the beginning with the list of AVs, and stating clearly at the start of each which file it corresponds to) and wait for the next step ...

-1
sKe69 Posts 21955 Status Security contributor 463

Good ...

1- Download OTMoveIt (by Old_Timer) to your desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
or http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Disconnect and close all your running applications.

double-click OTMoveIt.exe to launch it.
copy what is quoted below,

C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

and paste it into the left pane of OTMoveIt2:
Paste standard List of Files/Folders to be moved.

click MoveIt! to start the removal.
the result will appear in the Results pane.

click Exit to close.
--->post the report located in the folder "C:\OTMoveIt\MovedFiles." (it is a .log)

Note: you may be asked to reboot the PC to complete the removal.
if so, accept with "Yes".

2- Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

!!Disconnect and close your running applications!!

Unzip (= extract all) the contents of what you just downloaded onto your desktop.

Open the GenProc folder:
double-click GenProc.bat and let it run ...

Once finished, post the contents of the report that opens ...

Help with pictures here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT: post the report and do nothing else for now (often instructions need to be added to the indicated procedure for it to work perfectly).

-1
sKe69 Posts 21955 Status Security contributor 463

good ...

tell me how the PC is doing ... still any problems?

Then do the following in order:

1-Download ToolsCleaner (by A.Rothstein) to your desktop.
http://pc-system.fr/

Disconnect and close all your running applications.

Launch it.
*Click "Recherche" (Search) and let the scan finish (it can take a while).
*Click "Suppression" (Delete) to finalise.
*If you wish, you can use the optional options
*Click "quitter" (Quit) to generate a report (and not the red cross!):
--> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt.

Note: This little program will clean up all the things we used for the disinfection.
Delete all the tools, folders or reports relating to the disinfection that ToolsCleaner2 did not delete.

(keep CCleaner and Malwarebytes: very useful!)

2- Run CCleaner again (registry included).

3- Re-download and reinstall HijackThis (as it was deleted by ToolsCleaner2),

Download and install HijackThis:

here ftp://ftp.commentcamarche.com/download/HJTInstall.exe
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-> Click the setup to start the install: follow the guide and do not change the installation settings.
At the end of the install, the program launches automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe".

(do not run a scan for now)

4- Purge System Restore
*Disable your System Restore:
Right-click My Computer/Properties/System Restore/check the "Turn off System Restore" box, Apply, OK
--->Reboot your PC
*Re-enable your System Restore:
Right-click My Computer/Properties/System Restore/uncheck the "Turn off System Restore" box, Apply, OK
--->Reboot your PC
(Note: you can also get there via Control Panel->"System"->"System Restore").

5- Run this online scan to check:

Run an online scan with Kaspersky: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Under "Démonstration en ligne" (Online demo), the procedure is explained, and to launch the scan you have to select <Exécuter l'analyse en ligne> (Run online scan).
The scan only works under Internet Explorer (not under Firefox or others...).
- You will be asked to download an ActiveX control; accept.
- In the "Choisissez la cible de l'analyse" (Choose scan target) menu, select "Poste de travail" (My Computer). The scan will begin.
- Save the report that will be generated, then copy/paste it into your next reply for analysis and wait for the next step ...

--> tutorial:
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

NOTE:
*If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs then uninstall On-Line Scanner, and reconnect to the Kaspersky site to retry the online scan.

*If there is a problem, make sure ActiveX controls are correctly configured in Internet Options as described at this link: http://www.inoculer.com/activex.php3
Reminder: the scan must be done under Internet Explorer!

-1