Virus overdose
killmoulie
Hello,
I caught a really aggressive virus; it is completely eating my computer and it blocks my access to the Control Panel and the Registry.
Here are my HijackThis and Kaspersky reports, hoping that will help.
P.S.: Malware Defender, Protect Your Privacy and System Error Fixer are programs that added themselves, and even after deleting them they keep coming back in a loop (and I can no longer access my C: drive).
KASPERSKY REPORT:
File name / Threat name / Threats count
winlogon.exe\hgGyawuV.dll/winlogon.exe\hgGyawuV.dll Infected: Trojan.Win32.Monderb.gjo 1
C:\Documents and Settings\Administrateur\sccs.exe/C:\Documents and Settings\Administrateur\sccs.exe Infected: Trojan-Downloader.Win32.Small.addd 1
C:\Documents and Settings\Administrateur\css.exe/C:\Documents and Settings\Administrateur\css.exe Infected: Trojan-Clicker.Win32.Delf.ayu 1
C:\Program Files\PCHealthCenter\1.exe/C:\Program Files\PCHealthCenter\1.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\2.exe/C:\Program Files\PCHealthCenter\2.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\3.exe/C:\Program Files\PCHealthCenter\3.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\4.exe/C:\Program Files\PCHealthCenter\4.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\MicroAV\MicroAV.exe//PE_Patch/C:\Program Files\MicroAV\MicroAV.exe//PE_Patch Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.em 1
C:\Program Files\PCHealthCenter\7.exe/C:\Program Files\PCHealthCenter\7.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Documents and Settings\Administrateur\css.exe Infected: Trojan-Clicker.Win32.Delf.ayu 1
C:\Documents and Settings\Administrateur\Local Settings\Temp\pwrmgr.exe Infected: Backdoor.Win32.Frauder.kx 6
C:\Documents and Settings\Administrateur\Local Settings\Temp\pwrmgr.exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.av 1
C:\Documents and Settings\Administrateur\Local Settings\Temp\pwrmgr.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.em 1
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QNV4XZ8L\Uninstaller[1].exe Infected: Backdoor.Win32.Frauder.kx 6
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QNV4XZ8L\Uninstaller[1].exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.av 1
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QNV4XZ8L\Uninstaller[1].exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.em 1
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\XT7RY0EF\cstuff[1].ico Infected: Trojan-Clicker.Win32.Delf.ayu 1
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\XT7RY0EF\scom[1].ico Infected: Trojan-Downloader.Win32.Small.addd 1
C:\Documents and Settings\Administrateur\Mes documents\Downloads\converter\Cavalera Conspiracy - Inflikted (2008).wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Fraps 2.9.4 Retail + Keygen\Fraps setup.exe Infected: Trojan-Downloader.Win32.Agent.agnb 1
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Incomplete\T-460090-we will rock you pink chick teaches another girl how to fist her (very hot).mpg Infected: Trojan-Downloader.WMA.GetCodec.e 1
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Incomplete\T-5745425-riders on sotrm door.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\Nouveau dossier\themehostpital\themehostpital.iso Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\Administrateur\sccs.exe Infected: Trojan-Downloader.Win32.Small.addd 1
C:\Program Files\MicroAV\MicroAV.cpl Infected: not-a-virus:FraudTool.Win32.MSAntivirus.av 1
C:\Program Files\MicroAV\MicroAV.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.em 1
C:\Program Files\PCHealthCenter\0.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\1.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\2.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\3.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\4.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\Program Files\PCHealthCenter\5.exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.av 1
C:\Program Files\PCHealthCenter\5.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.em 1
C:\Program Files\PCHealthCenter\7.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\WINDOWS\system32\28463\AQFX.006 Infected: not-a-virus:Monitor.Win32.Ardamax.jk 1
C:\WINDOWS\system32\28463\AQFX.007 Infected: not-a-virus:Monitor.Win32.Ardamax.o 1
C:\WINDOWS\system32\MicroAV.cpl Infected: not-a-virus:FraudTool.Win32.MSAntivirus.av 1
C:\WINDOWS\system32\Sys\TND.006 Infected: not-a-virus:Monitor.Win32.Ardamax.24 1
C:\WINDOWS\system32\Sys\TND.007 Infected: not-a-virus:Monitor.Win32.Ardamax.24 1
C:\WINDOWS\system32\Sys\TND.exe Infected: not-a-virus:Monitor.Win32.Ardamax.24 1
C:\WINDOWS\system32\YUR30A.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\WINDOWS\system32\YUR30B.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\WINDOWS\system32\YUR30C.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\WINDOWS\system32\YUR30D.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\WINDOWS\system32\YUR313.exe Infected: Backdoor.Win32.Frauder.kx 1
C:\x Infected: Backdoor.Win32.Frauder.kx 1
AND HIJACKTHIS REPORT:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Documents and Settings\Administrateur\sccs.exe
C:\Documents and Settings\Administrateur\css.exe
C:\Windows\system32\YUR4A.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Administrateur\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Administrateur\css.exe
O4 - HKLM\..\Run: [\YUR1F.exe] C:\Windows\system32\YUR1F.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [\YUR4A.exe] C:\Windows\system32\YUR4A.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YUR1F.exe] C:\Windows\system32\YUR1F.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221335082131&h=b6d0bc48c67cc4bc45ee4618ca4fb756/&filename=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bw+0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: qmafxprs - {E93EA581-4811-45B6-B6DB-29369EF776B5} - C:\WINDOWS\qmafxprs.dll
O21 - SSODL: lfstbwvd - {E055AA7E-1D9E-4071-B2E1-07B9BD11FDB7} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221335082131&h=b6d0bc48c67cc4bc45ee4618ca4fb756/&filename=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bw+0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: qmafxprs - {E93EA581-4811-45B6-B6DB-29369EF776B5} - C:\WINDOWS\qmafxprs.dll
O21 - SSODL: lfstbwvd - {E055AA7E-1D9E-4071-B2E1-07B9BD11FDB7} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
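The HijackThis and ComboFix output above is long enough that the entries worth a second look get lost among the legitimate Logitech, NVIDIA and Kaspersky lines. The script below is an added example, not code from the forum post nor from HijackThis or ComboFix: it runs a few triage heuristics over lines copied verbatim from the logs above (the `\YUR*.exe` Run values, the `sccs.exe` autostart in the profile root, the `DisableRegedit=1` policy, the eight-letter SSODL DLL in `C:\WINDOWS`, and the `mlJdayax.dll` / `xayadJlm.ini` reversed-name pair from the ComboFix deletion list). The rule thresholds (eight lowercase letters, "directly under the profile root", `jump.php` in the start page) are assumptions chosen to fit these logs; a hit means "inspect this entry", not "this file is malicious".

```python
"""Triage of HijackThis lines and ComboFix file listings.

Added example; not part of the forum thread or of the HijackThis/ComboFix tools.
Sample lines are copied from the logs posted above. Every rule is a heuristic
chosen to fit those logs (an assumption, not a vendor signature).
"""
import re
from collections import defaultdict

# Lines copied from the HijackThis log above (subset sufficient for the rules).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Administrateur\sccs.exe
O4 - HKLM\..\Run: [\YUR1F.exe] C:\Windows\system32\YUR1F.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: qmafxprs - {E93EA581-4811-45B6-B6DB-29369EF776B5} - C:\WINDOWS\qmafxprs.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# File names copied from the ComboFix "Other deletions" list above.
SAMPLE_COMBOFIX = [
    r"C:\WINDOWS\system32\awtqNFWo.dll",
    r"C:\WINDOWS\system32\hgGyawuV.dll",
    r"C:\WINDOWS\system32\mlJdayax.dll",
    r"C:\WINDOWS\system32\xayadJlm.ini",
    r"C:\WINDOWS\system32\xayadJlm.ini2",
]

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[0-9A-F-]+\} - (?P<path>.+)$", re.I)
# Executable sitting directly in a user profile root (not in a subfolder).
PROFILE_ROOT_EXE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe$", re.I)
# Eight lowercase letters + .dll directly in the Windows directory (assumed threshold).
RANDOM_DLL_IN_WINROOT = re.compile(r"^C:\\WINDOWS\\[a-z]{8}\.dll$", re.I)


def _command_path(cmd):
    """Strip a trailing "(User '...')" note and surrounding quotes from an O4 command."""
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd


def triage_hijackthis(log_text):
    """Return (line, reason) pairs for entries a responder should look at, in log order."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("R0 - ") and "Start Page" in line and "jump.php" in line:
            findings.append((line, "start page redirected through a referral jump URL"))
            continue
        if line.startswith("O6 - "):
            findings.append((line, "Internet Explorer restriction policy set for this user"))
            continue
        if line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append((line, "registry editor disabled by policy (explains the blocked regedit)"))
            continue
        m4 = O4_RE.match(line)
        if m4:
            name, path = m4.group("name"), _command_path(m4.group("cmd"))
            if name.startswith("\\"):
                findings.append((line, "Run value name starts with a backslash, unlike installer-created entries"))
            elif PROFILE_ROOT_EXE.match(path):
                findings.append((line, "autostart executable sits directly in a user profile root"))
            continue
        m21 = O21_RE.match(line)
        if m21 and RANDOM_DLL_IN_WINROOT.match(m21.group("path")):
            findings.append((line, "ShellServiceObjectDelayLoad DLL with a random-looking 8-letter name in C:\\WINDOWS"))
    return findings


def reversed_name_pairs(paths):
    """Find DLLs with a sibling .ini whose stem is the DLL stem reversed
    (the mlJdayax.dll / xayadJlm.ini pattern in the ComboFix listing)."""
    by_dir = defaultdict(set)
    for p in paths:
        directory, _, name = p.rpartition("\\")
        by_dir[directory.lower()].add(name)
    pairs = []
    for names in by_dir.values():
        lower = {n.lower(): n for n in names}
        for n in sorted(names):
            if n.lower().endswith(".dll"):
                ini = n[:-4][::-1].lower() + ".ini"
                if ini in lower:
                    pairs.append((n, lower[ini]))
    return pairs


if __name__ == "__main__":
    for line, reason in triage_hijackthis(SAMPLE_HJT):
        print(f"{reason}\n    {line}")
    for dll, ini in reversed_name_pairs(SAMPLE_COMBOFIX):
        print(f"reversed-name pair: {dll} <-> {ini}")
```

Run it as-is to see the flagged entries, or pass a whole HijackThis log to `triage_hijackthis` and the full ComboFix path list to `reversed_name_pairs`. The ordinary `jusched.exe`, `ctfmon.exe` and `nvsvc32.exe` lines produce no finding, which is the point: the rules key on placement and naming, not on the file names themselves.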
7 replies
message for shion-ares:
my report:
ComboFix 08-10-08.02 - Administrateur 2008-10-08 19:05:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1036.18.2691 [GMT -4:00]
Launched from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* A new restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\epab.exe
C:\WINDOWS\lfstbwvd.dll
C:\WINDOWS\olnmraew.dll
C:\WINDOWS\qmafxprs.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\AKV.exe
C:\WINDOWS\system32\28463\AQFX.001
C:\WINDOWS\system32\28463\AQFX.002
C:\WINDOWS\system32\28463\AQFX.006
C:\WINDOWS\system32\28463\AQFX.007
C:\WINDOWS\system32\28463\AQFX.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awtqNFWo.dll
C:\WINDOWS\system32\del.bat
C:\WINDOWS\system32\hgGyawuV.dll
C:\WINDOWS\system32\mlJdayax.dll
C:\WINDOWS\system32\xayadJlm.ini
C:\WINDOWS\system32\xayadJlm.ini2
C:\WINDOWS\vortsgbqnqm.dll
C:\x
.
((((((((((((((((((((((((((((( Files created from 2008-09-08 to 2008-10-08 ))))))))))))))))))))))))))))))))))))
.
2008-10-08 05:41 . 2008-10-07 08:14 74,752 --a------ C:\WINDOWS\system32\YUR4A.exe
2008-10-08 05:40 . 2008-10-08 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-08 05:25 . 2008-10-08 05:25 <REP> d-------- C:\Program Files\Trend Micro
2008-10-08 05:21 . 2008-10-07 08:14 24,064 --a------ C:\WINDOWS\system32\YURA.exe
2008-10-08 02:27 . 2008-10-07 08:14 167,424 --a------ C:\WINDOWS\system32\MicroAV.cpl
2008-10-08 02:27 . 2008-10-08 00:16 86,016 --a------ C:\WINDOWS\qkeftmxn.exe
2008-10-08 02:19 . 2008-10-08 02:19 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-08 02:17 . 2008-10-08 02:17 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-10-08 02:16 . 2008-10-08 02:16 <REP> dr-h----- C:\MSOCache
2008-10-08 02:16 . 2008-10-08 05:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 00:48 . 2008-10-08 00:48 <REP> d-------- C:\Program Files\EtiketaGoGo
2008-10-08 00:48 . 1998-07-13 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-10-06 23:18 . 2008-10-07 01:15 <REP> d-------- C:\Program Files\WowCartographe
2008-10-06 20:49 . 2008-10-06 20:49 <REP> d-------- C:\Program Files\Creative
2008-10-06 20:49 . 2008-10-08 02:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-10-06 20:49 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-10-06 20:49 . 1999-12-13 09:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-10-06 20:49 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-10-06 07:46 . 2008-10-06 07:46 <REP> d-------- C:\Logs
2008-10-06 02:07 . 2008-10-06 02:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Download Manager
2008-10-06 01:58 . 2008-10-06 01:58 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-10-06 01:58 . 2008-10-06 01:59 <REP> d-------- C:\Program Files\Fichiers communs\Jasc Software Inc
2008-10-06 01:58 . 2008-10-06 01:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Jasc Software Inc
2008-10-06 01:41 . 2008-10-06 01:41 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-06 01:39 . 2008-10-06 01:39 <REP> d-------- C:\Program Files\Corel
2008-10-06 01:00 . 2008-10-06 01:03 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-10-05 22:25 . 2008-10-05 22:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acreon
2008-10-05 22:16 . 2008-10-05 22:16 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-10-05 22:16 . 2008-10-07 00:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-10-05 22:16 . 2008-10-05 22:16 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-10-05 21:11 . 2008-10-06 08:26 <REP> d-------- C:\Program Files\World of Warcraft
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-10-05 15:47 . 2008-10-05 15:47 479,232 ---hs---- C:\Documents and Settings\Administrateur\css.exe
2008-10-05 15:47 . 2008-10-05 15:47 103,936 ---hs---- C:\Documents and Settings\Administrateur\sccs.exe
2008-10-05 14:58 . 2008-10-05 14:58 <REP> d-------- C:\Fraps
2008-10-04 21:06 . 2008-10-04 21:06 <REP> d--h----- C:\WINDOWS\PIF
2008-10-02 21:14 . 2008-10-02 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-10-02 21:13 . 2008-10-02 21:13 <REP> d-------- C:\Program Files\VideoLAN
2008-10-01 22:11 . 2008-10-01 22:11 <REP> d-------- C:\Goodok
2008-10-01 22:05 . 2008-10-01 22:08 <REP> d-------- C:\Program Files\GoodOk Mp3 Amr Ogg AAC M4V Converter
2008-10-01 22:05 . 2008-10-01 22:05 34 --ah----- C:\WINDOWS\system32\VideoConverter_sysquict.dat
2008-10-01 21:55 . 2008-10-01 22:05 <REP> d-------- C:\Program Files\M4A to MP3 Converter
2008-09-30 09:14 . 2008-04-13 19:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-28 19:09 . 2008-09-30 09:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-09-28 19:00 . 2008-10-05 14:46 <REP> d-------- C:\Program Files\DivX
2008-09-28 15:28 . 2008-09-28 15:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Games
2008-09-28 15:27 . 2008-09-28 15:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-28 15:26 . 2008-09-28 15:26 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-28 15:26 . 2008-09-28 15:26 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-26 07:47 . 2008-09-26 07:47 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-26 07:47 . 2008-09-26 07:47 283,648 --a------ C:\WINDOWS\uninst.exe
2008-09-22 17:03 . 2008-09-22 17:03 <REP> d-------- C:\swsetup
2008-09-20 00:02 . 2008-09-28 18:45 <REP> d-------- C:\Program Files\Nitto 1320 Legends
2008-09-15 20:12 . 2008-09-15 20:12 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-09-15 20:11 . 2008-09-15 20:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-13 15:47 . 2008-10-05 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-09-13 15:45 . 2008-09-13 15:45 <REP> d-------- C:\WINDOWS\Sun
2008-09-13 15:45 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-13 15:44 . 2008-09-13 15:45 <REP> d-------- C:\Program Files\Java
2008-09-13 15:43 . 2008-09-13 15:43 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-13 15:41 . 2008-09-13 15:42 <REP> d-------- C:\Program Files\LimeWire
2008-09-11 17:15 . 2008-09-11 17:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-09-11 17:15 . 2008-09-11 17:15 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-11 17:14 . 2008-10-05 14:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-10 17:58 . 2008-09-10 17:58 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-10 17:58 . 2008-09-10 18:11 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-10 17:58 . 2008-09-10 17:58 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-10 17:57 . 2008-09-12 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-09 21:54 . 2008-10-05 14:47 <REP> d-------- C:\Program Files\ma-config.com
2008-09-09 21:54 . 2008-10-05 14:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-09 20:37 . 2008-09-09 20:45 <REP> d-------- C:\Program Files\freshney.org
2008-09-09 20:27 . 2008-09-09 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-09-09 20:12 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
2008-09-08 19:09 . 2008-09-25 20:10 <REP> d-------- C:\Program Files\mIRC
2008-09-08 19:09 . 2008-09-29 19:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\mIRC
2008-09-08 17:22 . 2008-09-08 17:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FastStone
2008-09-08 07:56 . 2008-10-05 15:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 07:56 . 2008-09-10 18:08 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 00:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 00:58 --------- d-----w C:\Program Files\Steam
2008-10-05 23:32 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-10-05 18:45 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-10-05 18:33 --------- d-----w C:\Program Files\Diablo II
2008-10-05 17:32 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-28 19:15 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-26 11:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-24 00:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ventrilo
2008-09-10 00:36 --------- d-----w C:\Program Files\MagicISO
2008-09-10 00:31 --------- d-----w C:\Program Files\Windows Live
2008-09-10 00:27 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-09-10 00:26 --------- d-----w C:\Program Files\CyberLink
2008-09-07 23:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-07 23:45 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-09-07 23:45 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-09-07 23:45 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-09-07 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-07 05:31 --------- d-----w C:\Program Files\NOS
2008-09-07 05:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-07 05:24 --------- d-----w C:\Program Files\Google
2008-09-06 07:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-05 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-04 23:34 --------- d-----w C:\Program Files\Bonjour
2008-09-04 23:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-09-04 23:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-04 23:00 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-09-04 23:00 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-09-04 22:59 --------- d-----w C:\Program Files\HP
2008-09-04 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-04 22:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Logitech
2008-09-04 22:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-09-04 22:53 --------- d-----w C:\Program Files\Logitech
2008-09-04 22:53 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-09-04 22:51 --------- d-----w C:\Program Files\Razer
2008-09-04 22:49 --------- d-----w C:\Program Files\Microsoft LifeChat
2008-09-04 22:31 --------- d-----w C:\Program Files\Ventrilo
2008-09-04 22:30 --------- d-----w C:\Program Files\Smart Projects
2008-09-04 22:17 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-04 22:16 --------- d-----w C:\Program Files\uTorrent
2008-09-04 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-04 19:29 --------- d-----w C:\Program Files\DreamCatcher
2008-08-20 19:31 --------- d-----w C:\Program Files\Analog Devices
2008-08-20 19:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-08-20 17:29 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-20 17:27 --------- d-----w C:\Program Files\Services en ligne
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-30 00:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 20:02 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-07-16 20:01 58,880 ----a-w C:\WINDOWS\system32\dmutil.dll
2008-07-16 20:01 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2008-07-16 20:01 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2008-07-16 20:01 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-07-16 20:01 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2008-07-16 20:01 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2008-07-16 20:01 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-16 20:01 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-07-16 19:55 1,013,248 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-07-12 12:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 12:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 12:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-09-04 32768]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"\YUR2.exe"="C:\Windows\system32\YUR2.exe" [2008-10-07 74752]
"\YUR3.exe"="C:\Windows\system32\YUR3.exe" [2008-10-07 25088]
"\YUR4.exe"="C:\Windows\system32\YUR4.exe" [2008-10-07 25088]
"\YUR5.exe"="C:\Windows\system32\YUR5.exe" [2008-10-07 24064]
"\YUR6.exe"="C:\Windows\system32\YUR6.exe" [2008-10-07 24064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"Reclusa"="C:\Program Files\Razer\Reclusa\razerhid.exe" [2007-03-07 167936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Sccs"="C:\Documents and Settings\Administrateur\sccs.exe" [2008-10-05 103936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"\YUR4A.exe"="C:\Windows\system32\YUR4A.exe" [2008-10-07 74752]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"\YUR2.exe"="C:\Windows\system32\YUR2.exe" [2008-10-07 74752]
"\YUR3.exe"="C:\Windows\system32\YUR3.exe" [2008-10-07 25088]
"\YUR4.exe"="C:\Windows\system32\YUR4.exe" [2008-10-07 25088]
"\YUR5.exe"="C:\Windows\system32\YUR5.exe" [2008-10-07 24064]
"\YUR6.exe"="C:\Windows\system32\YUR6.exe" [2008-10-07 24064]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-09-04 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-04 434176]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Steam\\SteamApps\\killmoulie\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\french\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 68736]
R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-10 102400]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 RecFltr;Reclusa Keyboard;C:\WINDOWS\system32\Drivers\RecFltr.sys [2007-01-18 41984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{46B95367-6BA4-4137-B830-53B1FF284056} - C:\WINDOWS\system32\hgGyawuV.dll
BHO-{98EE2CB9-193C-4CDF-89F1-F8E228295B4B} - C:\WINDOWS\vortsgbqnqm.dll
BHO-{E078B0C0-3ED9-4032-9C08-B9DE06EF5410} - C:\WINDOWS\system32\mlJdayax.dll
HKCU-Run-\YUR1F.exe - C:\Windows\system32\YUR1F.exe
HKCU-Run-\YUR17.exe - C:\Windows\system32\YUR17.exe
HKLM-Run-\YUR1F.exe - C:\Windows\system32\YUR1F.exe
HKLM-Run-\YUR17.exe - C:\Windows\system32\YUR17.exe
ShellExecuteHooks-{46B95367-6BA4-4137-B830-53B1FF284056} - C:\WINDOWS\system32\hgGyawuV.dll
SSODL-qmafxprs-{E93EA581-4811-45B6-B6DB-29369EF776B5} - C:\WINDOWS\qmafxprs.dll
SSODL-lfstbwvd-{E055AA7E-1D9E-4071-B2E1-07B9BD11FDB7} - C:\WINDOWS\lfstbwvd.dll
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
C:\WINDOWS\Downloaded Program Files\Manager.exe
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 19:12:11
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\WINDOWS\system32\YUR2.exe 74752 bytes executable
C:\WINDOWS\system32\YUR3.exe 25088 bytes executable
C:\WINDOWS\system32\YUR4.exe 25088 bytes executable
C:\WINDOWS\system32\YUR5.exe 24064 bytes executable
C:\WINDOWS\system32\YUR6.exe 24064 bytes executable
Scan terminé avec succès
Fichiers cachés: 5
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\MicroAV\MicroAV.exe
.
**************************************************************************
.
Heure de fin: 2008-10-08 19:25:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-08 23:25:18
Avant-CF: 107 463 786 496 octets libres
Après-CF: 108,739,788,800 octets libres
332 --- E O F --- 2008-10-08 07:04:39
and for archet 9:
my report:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1244
Windows 5.1.2600 Service Pack 3
2008-10-08 20:30:32
mbam-log-2008-10-08 (20-30-27).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 117944
Temps écoulé: 47 minute(s), 9 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 65
Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\sccs.exe (Trojan.Agent) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\olnmraew.blke (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sccs (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4a.exe (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76413-641-0086403-23126) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\sccs.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\YUR2.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\YUR3.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\YUR4.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\YUR5.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\YUR6.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\YUR4A.exe (Trojan.FakeAlert) -> No action taken.
C:\x (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\x.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\7.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\epab.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\qmafxprs.dll.vir (Trojan.Zlob) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqNFWo.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGyawuV.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJdayax.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013900.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013901.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013902.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013903.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013904.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013905.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013906.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013907.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP72\A0013908.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP74\A0014900.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015944.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015913.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015914.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015916.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015918.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015919.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015920.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015921.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015924.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015931.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015933.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015934.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015935.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{6C748EA0-A256-419D-9E64-5D6146BF5196}\RP76\A0015936.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\YURA.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> No action taken.
C:\Documents and Settings\Administrateur\css.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\qkeftmxn.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAntivirus) -> No action taken.
there you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24, on 2008-10-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221335082131&h=b6d0bc48c67cc4bc45ee4618ca4fb756/&filename=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bw+0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D68A5E31-6D2C-430C-87AC-4B715C80E778} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
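A first triage pass over HijackThis-style lines such as the log above, as an added example (not a tool from this thread): it parses O4 autorun and O23 service entries and flags a registered security-product service whose binary is gone, autoruns started from user-writable folders, and unqualified file names. The sample lines are copied from the log plus one constructed Temp-folder entry; the keyword list and the `in_user_writable` rules are assumptions for Windows XP layouts.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2 line format. Lines 1, 2 and 4 are copied
# from the log above; line 3 is a hypothetical autorun entry (not on the page)
# that starts a binary from the user's Temp folder, added to exercise the
# location check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrateur\Local Settings\Temp\example_autorun.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()

# O4: "<hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "Service: <display name> - <owner> - <image path>"; assumes the display
# name itself does not contain " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First absolute Windows path to an .exe or .dll inside a command line.
PATH_RE = re.compile(r'"?(?P<p>[A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)

# Keywords (constructed list) identifying services whose disappearance is a
# tampering signal rather than a stale uninstall.
SECURITY_KEYWORDS = ("anti-virus", "antivirus", "antispyware", "firewall")

Finding = Tuple[int, str, str]  # (line number, severity, message)


def in_user_writable(path: str) -> bool:
    """True if the binary lives where an unprivileged user could have written it."""
    p = path.lower()
    if "\\local settings\\temp\\" in p or "\\application data\\" in p:
        return True
    # A binary dropped directly into a profile root, e.g.
    # C:\Documents and Settings\<user>\something.exe
    return re.fullmatch(r"c:\\documents and settings\\[^\\]+\\[^\\]+", p) is not None


def is_security_product(name: str) -> bool:
    n = name.lower()
    return any(k in n for k in SECURITY_KEYWORDS)


def triage(log: str) -> List[Finding]:
    """Flag O4/O23 entries worth a second look; other line types are ignored."""
    findings: List[Finding] = []
    for no, line in enumerate(log.splitlines(), 1):
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            target = PATH_RE.search(m["cmd"])
            if target is None:
                # Bare file name: resolved via the search path at logon, so a
                # copy planted earlier in that order would be the one started.
                findings.append((no, "info", f"O4 [{m['name']}]: unqualified path {m['cmd']!r}"))
            elif in_user_writable(target["p"]):
                findings.append((no, "high", f"O4 [{m['name']}]: autorun from user-writable location {target['p']}"))
            continue
        m = O23_RE.match(line)
        if m:
            if m["path"].endswith("(file missing)"):
                # Registered service whose binary is gone: for a security product
                # this is what a disabled or torn-down AV looks like in the log.
                sev = "high" if is_security_product(m["name"]) else "medium"
                findings.append((no, sev, f"O23 {m['name']}: service binary is missing"))
            elif in_user_writable(m["path"]):
                findings.append((no, "high", f"O23 {m['name']}: service runs from user-writable location {m['path']}"))
    return findings


if __name__ == "__main__":
    for no, sev, msg in triage(SAMPLE_LOG):
        print(f"line {no} [{sev}] {msg}")
```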
Hi
Run a scan with this antispyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the Settings tab and tick the box: "Terminate Internet Explorer during removal".
Now click the Scan tab and tick the box: "Perform full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click Remove Selected.
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.
Hello
READ ALL THE WAY TO THE BOTTOM
Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
To read
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
And, importantly, save it to the desktop.
Before using ComboFix:
- Disconnect from the internet and close the windows of all running programs.
- Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, on your desktop double-click Combofix.exe.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ While this step is running, do not use the PC and do not open any programs.
- At the end of the scan ComboFix may need to restart the PC to complete the disinfection\scan; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
- Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
- Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.