Multiple infections
Resolved/Closed
fado97 (Member, 110 posts, registered Wednesday 9 January 2008, last activity 23 April 2016) - 13 Oct. 2008 at 15:39
fado97 - 19 Oct. 2008 at 01:56
129 replies
fado97
13 Oct. 2008 at 23:00
Here is the Malwarebytes log (I don't know whether it's normal that it shows "no action taken" for each item, but I did have the items removed as advised):
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1266
Windows 5.1.2600 Service Pack 3
13/10/2008 22:52:00
mbam-log-2008-10-13 (22-51-54).txt
Type de recherche: Examen complet (C:\|E:\|G:\|)
Eléments examinés: 222012
Temps écoulé: 42 minute(s), 11 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 52
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 109
C:\WINDOWS\system32\ifdbileq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jKAstTnO.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkKBTNf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\khfDwtqQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kurfam.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJBqNfg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJDSIaY.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnkjKAR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnkkjKC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmNEVLfg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnNGWop.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMeCrsS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRHbXpq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqOIYOI.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tmp0_636703846551.bk (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tuvuTlKB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uvoburqg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtULDwVo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUnomKc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xggwfe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyYOHww.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\drivers\15954c60.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\49cfd64.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\4b5e2551.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\8443f9d6.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\9c468072.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\a150dc56.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\b5837286.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\b97207a1.sys (Rootkit.Agent) -> No action taken.
C:\_OTMoveIt\MovedFiles\10132008_193123\DOCUME~1\Asus\LOCALS~1\Temp\csrssc.exe (Trojan.Clicker) -> No action taken.
C:\_OTMoveIt\MovedFiles\10132008_193123\DOCUME~1\Asus\LOCALS~1\Temp\winlogen.exe (Trojan.Ertfor) -> No action taken.
G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> No action taken.
fado97
13 Oct. 2008 at 23:01
And here is the HijackThis log in normal mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:34, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Virtual CD v9\System\VC9Play.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Star Wars Empire at War Forces of Corruption
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
O4 - HKCU\..\Run: [WindowsAPI32] C:\rmxgdx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: xggwfe.dll
O20 - Winlogon Notify: jyzmii - jyzmii.dll (file missing)
O20 - Winlogon Notify: xsrbgna - xsrbgna.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O18 - Protocol: bw60s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: xggwfe.dll
O20 - Winlogon Notify: jyzmii - jyzmii.dll (file missing)
O20 - Winlogon Notify: xsrbgna - xsrbgna.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
sKe69 - Security contributor - 13 Oct. 2008 at 23:05
No action taken
Open Malwarebytes and go to the "Quarantine" tab: delete everything in it!
Edit:
1- Run CCleaner again (registry included).
2- Do exactly this:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close your running applications and DISABLE ALL YOUR DEFENSES (anti-virus, anti-spyware guards, firewall) for the duration of the procedure:
when active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... You will re-enable them afterwards!!
--->Important: if you run into difficulties at this stage, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Then:
double-click the "combofix.exe" icon to launch the tool.
Press the Y (Yes) key to start the scan.
Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
-> The PC may restart on its own (to finish the cleanup); let it do so.
-> If the tool tells you this: "ComboFix has detected the presence of a rootkit and needs to restart your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise there will be no report...)
The report will be created in: C:\Combofix.txt
Post the ComboFix report along with a new HijackThis report for analysis...
fado97 - Member - 13 Oct. 2008 at 23:08
ComboFix report:
ComboFix 08-10-12.01 - Asus 2008-10-13 23:13:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1542 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Asus\Bureau\Telechargements\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\gebARIcC.dll
C:\WINDOWS\system32\gifujndw.ini
C:\WINDOWS\system32\iifcBTJc.dll
C:\WINDOWS\system32\iiFwTKeD.dll
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\oduxftw.sys
C:\WINDOWS\system32\opnLeCTj.dll
C:\WINDOWS\system32\opnlJdaA.dll
C:\WINDOWS\system32\opnlKAsT.dll
C:\WINDOWS\system32\pmnoLecY.dll
C:\WINDOWS\system32\qommKebY.dll
C:\WINDOWS\system32\tmp0_147740624510.bk
C:\WINDOWS\system32\tmp0_192009256388.bk
C:\WINDOWS\system32\tmp0_426081686687.bk
C:\WINDOWS\system32\tmp0_55008162503.bk
C:\WINDOWS\system32\tmp0_620910439848.bk
C:\WINDOWS\system32\tmp0_787139747272.bk
C:\WINDOWS\system32\tmp3_691029771265.bk
C:\WINDOWS\system32\tpszxyd.sys
C:\WINDOWS\system32\wvUnnKaW.dll
C:\WINDOWS\system32\xxYpPIaB.dll
G:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_NOBICYT
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDYDOWKC
-------\Legacy_WSLDOEKD
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2008-10-13 22:07 . 2008-10-13 22:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 22:07 . 2008-10-13 22:07 <REP> d-------- C:\Documents and Settings\Asus\Application Data\Malwarebytes
2008-10-13 22:07 . 2008-10-13 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 22:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 22:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 20:52 . 2008-10-13 20:52 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-13 20:48 . 2008-10-13 20:48 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-13 20:38 . 2008-10-13 21:14 <REP> d-------- C:\SDFix
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\_OTMoveIt
2008-10-13 18:44 . 2008-10-13 18:44 35,840 --a------ C:\WINDOWS\system32\rqrpnMEx.dll
2008-10-13 18:44 . 2008-10-13 18:44 35,840 --a------ C:\WINDOWS\system32\iiFWnNDs.dll
2008-10-13 18:43 . 2008-10-13 18:43 35,840 --a------ C:\WINDOWS\system32\pmnkkHxv.dll
2008-10-13 18:43 . 2008-10-13 18:43 35,840 --a------ C:\WINDOWS\system32\mljJDUnK.dll
2008-10-13 18:42 . 2008-10-13 18:42 35,840 --a------ C:\WINDOWS\system32\iiFyWolK.dll
2008-10-13 18:42 . 2008-10-13 18:42 35,840 --a------ C:\WINDOWS\system32\fccbayyw.dll
2008-10-13 18:17 . 2008-10-13 19:49 <REP> d-------- C:\Lop SD
2008-10-13 16:43 . 2008-10-13 19:20 4,308 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 15:49 . 2008-10-13 15:49 <REP> d-------- C:\Program Files\Trend Micro
2008-10-13 14:23 . 2008-10-13 19:12 45,056 --a------ C:\rmxgdx.exe
2008-10-13 06:46 . 2008-10-13 14:37 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-13 06:35 . 2008-10-13 06:35 <REP> d-------- C:\VundoFix Backups
2008-10-13 02:19 . 2008-10-13 06:06 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-12 23:21 . 2008-03-26 17:07 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-12 23:21 . 2008-03-26 13:01 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-12 23:21 . 2008-10-13 06:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-12 23:21 . 2008-10-12 23:37 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-12 22:54 . 2008-10-13 22:52 <REP> d-------- C:\Program Files\pkjjpce
2008-10-12 22:54 . 2008-10-12 22:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ijqtyben
2008-10-12 22:53 . 2008-10-12 22:53 <REP> d-------- C:\Documents and Settings\Asus\Application Data\5
2008-10-12 22:53 . 2008-10-12 22:53 40,960 --a------ C:\siggjefi.exe
2008-10-12 22:53 . 2008-10-13 20:34 2,933 --a------ C:\Documents and Settings\Asus\iuns.exe
2008-10-12 14:30 . 2008-10-12 14:30 96 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-10-12 11:30 . 2008-10-12 23:23 <REP> d-------- C:\Program Files\alaplaya
2008-10-10 11:24 . 2006-11-29 19:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-10 11:24 . 2006-09-28 22:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-10 11:15 . 2008-10-10 11:15 <REP> d-------- C:\Program Files\Lighthouse Interactive
2008-10-06 00:53 . 2008-10-06 00:53 <REP> d-------- C:\Program Files\LucasArts
2008-10-03 09:15 . 2008-10-03 10:12 <REP> d-------- C:\Program Files\Reaxxion
2008-09-28 18:05 . 2008-09-28 18:05 <REP> d-------- C:\Program Files\Koei
2008-09-28 15:27 . 2008-09-28 15:35 <REP> d-------- C:\Program Files\Virtual Villagers The Secret City
2008-09-28 15:27 . 2008-09-28 15:27 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-09-14 00:36 . 2008-09-14 00:36 <REP> d-------- C:\Program Files\Orange HSS
2008-09-13 15:51 . 2006-08-27 16:00 285,184 --a------ C:\Program Files\shell32.exe
2008-09-13 15:50 . 2008-09-13 15:50 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:06 90,112 ----a-w C:\WINDOWS\DUMP6b3d.tmp
2008-10-12 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-12 21:23 --------- d-----w C:\Program Files\Foxmail
2008-10-12 20:43 --------- d-----w C:\Program Files\eMule
2008-10-11 19:52 --------- d-----w C:\Program Files\Player Metaboli
2008-10-11 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
2008-10-10 03:35 --------- d-----w C:\Documents and Settings\Asus\Application Data\Azureus
2008-10-06 12:42 --------- d-----w C:\Documents and Settings\Asus\Application Data\Petroglyph
2008-10-01 06:11 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-09-27 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-11 05:08 --------- d-----w C:\Documents and Settings\Asus\Application Data\Leadertech
2008-09-11 05:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-09-11 05:06 --------- d-----w C:\Program Files\Logitech
2008-09-10 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 12:17 --------- d-----w C:\Program Files\Codemasters
2008-09-08 05:47 --------- d-----w C:\Program Files\Stardock
2008-09-08 05:47 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-09-05 23:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 23:52 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-03 11:00 --------- d-----w C:\Program Files\Anno 1701
2008-09-03 08:22 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-03 08:22 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-29 19:21 --------- d-----w C:\Documents and Settings\Asus\Application Data\dvdcss
2008-08-29 08:42 --------- d-----w C:\Program Files\VUGames
2008-08-28 20:56 --------- d-----w C:\Program Files\directx
2008-08-28 20:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-27 08:22 --------- d-----w C:\Program Files\Firaxis Games
2008-08-26 15:55 --------- d-----w C:\Program Files\Vuze
2008-08-26 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-24 22:41 --------- d-----w C:\Documents and Settings\Asus\Application Data\Babylon
2008-08-24 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-21 08:47 --------- d-----w C:\Program Files\VideoLAN
2008-08-21 08:46 --------- d-----w C:\Documents and Settings\Asus\Application Data\vlc
2008-08-19 14:35 --------- d-----w C:\Documents and Settings\Asus\Application Data\Stardock
2008-08-19 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Stardock
2008-08-19 08:26 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{3ADC3395-6379-4C95-9292-30A373AC55BC}
2008-08-19 08:22 --------- d-----w C:\Program Files\Kalypso
2008-08-18 22:16 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 22:15 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-14 22:09 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-14 22:05 --------- d-----w C:\Program Files\Java
2008-04-10 00:22 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-04-10 00:20 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-04-10 00:12 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-08-27 14:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 14:19 56,239 ----a-w C:\Program Files\svchosts.tbe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFre1.dll" [2008-04-10 1470488]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFre1.dll" [2008-04-10 1470488]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-29 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orange Desktop Search"="C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" [2007-01-17 4938016]
"WindowsAPI32"="C:\rmxgdx.exe" [2008-10-13 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P"="Star Wars Empire at War Forces of Corruption" [X]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 1953792]
"VC9Player"="C:\Program Files\Virtual CD v9\System\VC9Play.exe" [2007-12-03 202048]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-29 2512128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2008-02-01 439568]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-29 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xggwfe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winax77.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winbp55.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Wanadoo Edition\\Digital Reality\\Haegemonia\\_HGM.TMP"=
"C:\\Program Files\\Wanadoo Edition\\Digital Reality\\Haegemonia - The Solon Heritage\\HGMA.EXE"=
"C:\\Program Files\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"C:\\rmxgdx.exe"=
R1 vdrv9000;vdrv9000;C:\WINDOWS\system32\DRIVERS\vdrv9000.sys [2007-11-14 113168]
R2 VC9SecS;Virtual CD v9 Management Service;C:\Program Files\Virtual CD v9\System\vc9secs.exe [2007-12-03 132416]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 HH9Help.sys;HH9Help.sys;C:\WINDOWS\system32\drivers\HH9Help.sys [2006-09-20 11392]
S3 winax77;winax77;C:\WINDOWS\System32\drivers\Winax77.sys [ ]
S3 winbp55;winbp55;C:\WINDOWS\System32\drivers\Winbp55.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{744d643e-6714-11dd-a772-001d60ea6e54}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
Notify-jyzmii - jyzmii.dll
Notify-xsrbgna - xsrbgna.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\n9hvq2du.default\
FF -: plugin - C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\n9hvq2du.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 23:18:23
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset003\Services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Virtual CD v9\System\vc9tray.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 23:22:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 21:22:50
Avant-CF: 49 227 608 064 octets libres
Après-CF: 49,131,536,384 octets libres
270 --- E O F --- 2008-09-10 08:56:28
sKe69 (Security contributor) - 14 Oct 2008 at 00:15
Good ...
Before going further, we're going to run a few checks:
1- Get access to hidden files:
Go to Start Menu -> My Computer -> Tools -> Folder Options... -> View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
(you will restore the original settings once the disinfection is finished, not before ...)
=============================
2- Go to this site:
https://www.virustotal.com/gui/
Copy the following and paste it into the search field:
C:\rmxgdx.exe
Click Send File (= "Envoyer le fichier").
A report will be built line by line.
Wait until it is completely finished ... It must include the size of the file sent.
Save the report with Notepad.
Copy it into your next reply ...
(If VirusTotal says the file has already been analysed, click the "Ré-analyse le fichier maintenant" (re-analyse the file now) button)
Do the same for:
C:\siggjefi.exe
C:\Documents and Settings\Asus\iuns.exe
C:\WINDOWS\system32\HsInfo.dat
C:\Program Files\serial.tde
C:\WINDOWS\system32\DRIVERS\vdrv9000.sys
C:\Program Files\svchosts.tbe
so post me these 7 reports (especially the beginning with the list of AVs, and stating clearly at the start of each one which file it corresponds to) ...
once these reports are posted (and not before), do the following:
=====================================
3- Download UsbFix by Chiquitine29 to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
! Disconnect from the internet and close all running applications !
--> Double-click the .exe to start installing the tool (do not touch the installation settings).
Plug in all the external drives on your PC (USB stick, external HDD, flash disk, MP3 player, etc.) that may have been infected (but without opening them!).
--> Double-click the "UsbFix" shortcut on your desktop to launch the tool and let it work.
--> The PC will restart.
--> Once you are back at your desktop, the "UsbFix.txt" report is displayed.
Copy and paste its contents into your next reply for analysis and wait for the next steps ....
(Note: the UsbFix.txt report is saved at the root of the hard disk > C:\UsbFix.txt)
PS: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab -> "New Task":
type explorer.exe and confirm.
Hi, following along
good luck with the rest
See you
sKe69 (Security contributor) - 14 Oct 2008 at 00:24
Hi Chiqui ^^
this one's quite a case ...
fado97 (Member) - 14 Oct 2008 at 00:43
Fichier rmxgdx.exe reçu le 2008.10.14 00:33:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 TR/Spy.Gen
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Hupigon-LIE
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.13 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 Suspicious:W32/Malware!Gemini
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 Win32:Hupigon-LIE
Ikarus T3.1.1.34.0 2008.10.13 Trojan-Downloader.Agent.ZHO
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.13 Heur.Trojan.Generic
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 probably a variant of Win32/Genetik
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 Cloaked Malware
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Spy.Gen
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1719.1 2008.10.13 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 45056 bytes
MD5...: ec799e3eacc2b5dfe64e7f1bf58be133
SHA1..: 7462e83b8678eee27d4892ec98fc6a59f6fb61eb
SHA256: 33176491b5f860beec86550cdd2f500dcb7ef566e25bea724bcfbe9e59885fb2
SHA512: eaa64a05cf0f5b593023fc3a6c614e120691172aa978c1acfafca067a3f2db9104741f80e19a70065acad5c597239caa7d2dce4d5148d9e7f7c03bd4a031d3a0
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4055e0
timedatestamp.....: 0x48f33352 (Mon Oct 13 11:38:58 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7f18 0x8000 5.82 31f55d1e6b70ee399e6433a85512a033
.rdata 0x9000 0x8c1 0x1000 2.48 12d27ae61446d794be102e11716efc48
.data 0xa000 0xcc4 0x1000 4.62 6e6d10847f00143b6e2e1010f3c1d2d5
( 4 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: InitializeCriticalSection, CreateThread, GetCommandLineA, CreateMutexA, Sleep, GetCurrentThread, GetCurrentThreadId, GetLastError, GetVersion, GetCurrentProcess, GetTickCount, GetProcessHeap, GetCurrentProcessId, DeleteCriticalSection
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
> msvcrt.dll: strlen, strcat, rand, realloc, atoi, strchr, strstr, strcpy, _snprintf, _time64, _fullpath, free, sscanf, strncpy, srand, strtok, malloc, strrchr, sprintf, exit, gmtime, strncmp, isdigit, _strrev
( 1 exports )
time
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=745237B80078EFC5B00B006B5F2ADF00D3645904
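A pasted engine table like the one in the report above can be reduced to a detection ratio and a split between generic/heuristic verdicts and named labels, which is what a helper reads first. This is an added example, not part of the original post; the row pattern and the list of "generic" keywords are assumptions of this example, and the rows are copied from the rmxgdx.exe report.

```python
import re
from collections import Counter

# Rows copied from the rmxgdx.exe report posted above: engine, version, last update, result.
REPORT = """\
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 TR/Spy.Gen
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Hupigon-LIE
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.13 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 Suspicious:W32/Malware!Gemini
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 Win32:Hupigon-LIE
Ikarus T3.1.1.34.0 2008.10.13 Trojan-Downloader.Agent.ZHO
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.13 Heur.Trojan.Generic
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 probably a variant of Win32/Genetik
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 Cloaked Malware
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Spy.Gen
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1719.1 2008.10.13 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 45056 bytes
"""

# engine, version, update date (YYYY.MM.DD), then the free-text result.
# Requiring the exact date shape as a whole token keeps versions such as
# "2008.10.14.0" (AhnLab-V3) from being mistaken for the update date.
ROW = re.compile(r"(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)")

# Assumed heuristic: words that mark a verdict as generic/heuristic rather
# than a named family. Illustrative list, not exhaustive.
GENERIC = re.compile(
    r"\b(gen|generic|heur|suspicious|probably|cloaked|possiblethreat)\b", re.I
)


def parse_rows(text):
    """Return (engine, version, updated, result) tuples; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.fullmatch(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def summarize(rows):
    """Count detections and split them into generic verdicts and named labels."""
    hits = [(engine, result) for engine, _, _, result in rows if result != "-"]
    generic = [engine for engine, result in hits if GENERIC.search(result)]
    named = Counter(result for _, result in hits if not GENERIC.search(result))
    return {
        "engines": len(rows),
        "detections": len(hits),
        "generic_engines": generic,
        "named_labels": dict(named),
    }


if __name__ == "__main__":
    s = summarize(parse_rows(REPORT))
    print(f"{s['detections']}/{s['engines']} engines flag the file")
    print("generic/heuristic verdicts:", ", ".join(s["generic_engines"]))
    print("named labels:", s["named_labels"])
```

Most of the detections on this file are generic or heuristic verdicts, so the family names in the few named labels should be treated as hints rather than an identification.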
fado97 (Member) - 14 Oct 2008 at 00:46
Fichier siggjefi.exe reçu le 2008.10.14 00:44:15 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 Win-Trojan/Downloader.27136.BZ
AntiVir 7.8.1.34 2008.10.13 TR/Small.xzz
Authentium 5.1.0.4 2008.10.13 W32/Backdoor2.CCMC
Avast 4.8.1248.0 2008.10.14 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.13 Dropper.Agent.JYC
BitDefender 7.2 2008.10.14 Dropped:Trojan.PWS.Yaludle.B
CAT-QuickHeal 9.50 2008.10.13 Trojan.Small.xyi
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 Trojan.MulDrop.18492
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 W32/Backdoor2.CCMC
F-Secure 8.0.14332.0 2008.10.13 Trojan.Win32.Small.xyi
Fortinet 3.113.0.0 2008.10.14 PossibleThreat
GData 19 2008.10.14 Dropped:Trojan.PWS.Yaludle.B
Ikarus T3.1.1.34.0 2008.10.13 PWS.Win32.Yaludle.A
K7AntiVirus 7.10.492 2008.10.13 Trojan.Win32.Small.xyi
Kaspersky 7.0.0.125 2008.10.14 Trojan.Win32.Small.xyi
McAfee 5403 2008.10.11 Generic PWS.y
Microsoft 1.4005 2008.10.14 PWS:Win32/Yaludle.A
NOD32 3519 2008.10.14 Win32/Agent.QSF
Norman 5.80.02 2008.10.13 W32/Smalltroj.HPOS
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 Trojan.Win32.Small.xyi
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Small.xzz
Sophos 4.34.0 2008.10.13 Mal/Generic-A
Sunbelt 3.1.1719.1 2008.10.13 Trojan.Win32.Small.xyi
Symantec 10 2008.10.14 Trojan.Silentbanker
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 Trojan.Win32.Small.xyi
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 Trojan.Alureon.KY
Information additionnelle
File size: 40960 bytes
MD5...: 62f76717050fc800f1edf80b3da4f7fe
SHA1..: 709bc6b0e4433ee4b51f16e77357146d0cb5ccc4
SHA256: 437976d480fce0279e751e0b66224fe99ff2f57fdf8d152b079befcc436ba525
SHA512: 734c4459b905714054b69ece343ad623b714ae26cb9c3e14bc9ea65887c0396e4d76e5569684fce007ba4c9eb0b95ef6b076c9131c07bde68805974edc92b7ed
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401301
timedatestamp.....: 0x48c04424 (Thu Sep 04 20:25:08 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ef 0x1000 2.43 320059d191645476667fb3f626fa490e
.rdata 0x2000 0x132 0x1000 0.50 18b2970fb683f42c7fab952260a5bdb3
.data 0x3000 0x1144 0x2000 0.49 cd61d1cb35020a657fed326eb8c58a0d
.rsrc 0x5000 0x4a70 0x5000 5.51 6c30736fa6850217c7598c44b1dfc7ab

( 2 imports )
> KERNEL32.dll: CloseHandle, WriteFile, SetFilePointer, lstrcatA, IsBadReadPtr, lstrlenA, GetProcAddress, GetModuleHandleA
> MSVCRT.dll: memset

( 0 exports )
fado97
14 Oct 2008 at 00:49
Fichier iuns.exe reçu le 2008.10.14 00:47:04 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 TR/Dldr.Small.DDT.1
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Small-LLZ
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 BehavesLike:Trojan.Downloader
CAT-QuickHeal 9.50 2008.10.13 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.13 Trojan.OnlineGames-1517
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 Suspicious File
eTrust-Vet 31.6.6146 2008.10.13 Win32/Harnig!generic
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 Trojan-Downloader.Win32.Harnig.dr
Fortinet 3.113.0.0 2008.10.14 W32/Small.DRU!tr.dldr
GData 19 2008.10.14 Win32:Small-LLZ
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 Trojan-Downloader.Win32.Harnig.dr
Kaspersky 7.0.0.125 2008.10.14 Trojan-Downloader.Win32.Harnig.dr
McAfee 5403 2008.10.11 Generic Downloader.x
Microsoft 1.4005 2008.10.14 TrojanDownloader:Win32/Harnig.gen!L
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 W32/Packed_FSG.D
Panda 9.0.0.4 2008.10.13 Adware/Secure32
PCTools 4.4.2.0 2008.10.13 Packed/FSG
Prevx1 V2 2008.10.14 Cloaked Malware
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Dldr.Small.DDT.1
Sophos 4.34.0 2008.10.13 Mal/Packer
Sunbelt 3.1.1719.1 2008.10.13 Trojan.Unidentified.Gen.FN
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 PAK_Generic.001
VBA32 3.12.8.6 2008.10.13 suspected of Win32.Trojan.Downloader (http://...)
ViRobot 2008.10.13.1417 2008.10.13 Trojan.Win32.Downloader.2933
VirusBuster 4.5.11.0 2008.10.13 Packed/FSG
Information additionnelle
File size: 2933 bytes
MD5...: c35939f1adc5105519d7a50e13b09116
SHA1..: 8f57567543b225e99dca1a0eb3882ed1e37e6898
SHA256: b4f6f4dd372c20fda444897cd0a2bdb53a56c5361bb758057cd944c5a9becaf7
SHA512: 16c37b03f2184e1c9e8dcb419711d0cb10038451ecdcf804f7f2c5a4c0f3e81bd094e6829cee9b2dd28ae5c001865d926751a6a3a272c5ad36fe6718d4ee71e3
PEiD..: FSG v2.0 -> bart/xt
TrID..: File type identification
Win32 Executable Generic (67.9%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Targa bitmap (Original TGA Format) (0.0%)
MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x400154
timedatestamp.....: 0x21475346 (Fri Sep 11 01:35:02 1987)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
 0x1000 0x3000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
 0x4000 0x1000 0x975 7.74 a1be49c9cbad0169230eaf94ef69d81a

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CAE6D5EB75FF245C0B950028AA23CD00B79BCD14
packers (Kaspersky): FSG
packers (Avast): FSG
packers (F-Prot): FSG
fado97
14 Oct 2008 at 00:56
Fichier HsInfo.dat reçu le 2008.10.14 00:53:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1719.1 2008.10.13 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 96 bytes
MD5...: c5e84d7f42b8983f76810cdc74a041a9
SHA1..: 3019ae15ffb4ab7aacc7b2a041f09a28433190fe
SHA256: 05a580d6147820b08f0303b7d4155570539cf254bcbf144eadb77feaa9a19dbc
SHA512: 69b996a58dd1e6b6782a0ef919c2f60506e23b769852d1eccf7497c610375c4098c89cd75b45c88ff25ddc49af36562999c9e4348a3c43c415c65b68283fe290
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
fado97
14 Oct 2008 at 01:02
Fichier serial.tde reçu le 2008.10.14 01:00:16 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Peerad
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 W32/Small.DUI!tr.dldr
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1722.1 2008.10.14 <Encrypted Archive>
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 1015973 bytes
MD5...: 13a3adb2352d6f37813e928f41ee1973
SHA1..: 6b239862ad08271f78749499cbad5dbbf236b34d
SHA256: 1273467394eb4b395b171b26901da5d223478f139fb344b88109e0fd0170ff93
SHA512: a4cd3b4cfd3e1317f97abdf1023a596c0a67b7e29494d79b4be1dae3743c31765a1cce9a175e49762bd99a4b57af6eb149f37198f823dc60cc01f290eb2b062a
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
fado97
14 Oct 2008 at 01:05
Fichier vdrv9000.sys reçu le 2008.10.14 01:03:10 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1722.1 2008.10.14 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 113168 bytes
MD5...: 20afd8210dc2b83aab0d46886bc701f6
SHA1..: 8b7766dda270995c4acd5707953c246f7ab86863
SHA256: 65cfea699b222d6781ed4535b338a698c586a7fe5346432d7a1884c4ef76f19a
SHA512: 71c8a1926b022e424c3189320b43a934edb98eb0cf03c0d710126005373a2e4f5b0a782127bd6408c3a5ee4f528eb8f7add41b3068964a7f4c430d935ae3cdc8
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2c005
timedatestamp.....: 0x4732c30a (Thu Nov 08 08:04:26 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x141d7 0x14200 6.68 3a7e8c10ca686c51a3105a804cafefc3
.rdata 0x16000 0x5fc 0x600 3.94 f808860965118e0aa996e81c07b13c77
.data 0x17000 0x40f0 0x3c00 6.08 f769908b5b339f5b15391824a5a98d44
INIT 0x1c000 0x686 0x800 4.96 fe06796734bd6b27bcfc64ae6da1a9c1
.rsrc 0x1d000 0x3d8 0x400 3.24 bc87b2de1a1e762f96b2401e5c457f39
.reloc 0x1e000 0xa3e 0xc00 5.83 768886b041c57371b248ab3986d0418d

( 3 imports )
> ntoskrnl.exe: KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, _alldiv, _allmul, IofCompleteRequest, memmove, ZwQuerySystemInformation, MmGetSystemRoutineAddress, RtlInitUnicodeString, InitSafeBootMode, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, ExAllocatePoolWithTag, ExFreePoolWithTag, RtlUnicodeStringToAnsiString, RtlQueryRegistryValues, PsRevertToSelf, SeImpersonateClient, ZwCreateFile, ZwReadFile, ZwClose, RtlWriteRegistryValue, ObfDereferenceObject, KeGetCurrentThread, SeCreateClientSecurity, ZwSetValueKey, KeQuerySystemTime, ZwQueryValueKey, ZwFlushKey, ZwOpenKey, ZwCreateKey, RtlAnsiStringToUnicodeString, RtlInitAnsiString, wcsrchr, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwOpenSection, ZwCreateSection, ObfReferenceObject, KeClearEvent, IoCreateSynchronizationEvent, RtlRandom, ZwFlushVirtualMemory, _allrem, ZwWriteFile, KeTickCount, KeBugCheckEx, RtlUnwind, sprintf, strrchr, PsGetCurrentProcessId, strncpy, KeSetEvent, memset, SeTokenType, memcpy
> HAL.dll: KeQueryPerformanceCounter, KeGetCurrentIrql
> SCSIPORT.SYS: ScsiPortNotification, ScsiPortInitialize, ScsiPortLogError, ScsiPortGetSrb

( 0 exports )
fado97
14 Oct 2008 at 01:08
Fichier svchosts.tbe reçu le 2008.10.14 01:06:38 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 Password-protected-EXE
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1722.1 2008.10.14 <Encrypted Archive>
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 56239 bytes
MD5...: 1e3013a4fe9f5ab192c99dca7ade2e44
SHA1..: fe374b9c37cbbeedafe3346d33ffbd9b542dd4b1
SHA256: e565451b8700410c1e3a1b4d1747cf2f8401eda26f33818473720be3789a3fab
SHA512: 82eb8a58f13067f9cd552a59ae4d95f25b4f43985173ee38ea5f22ef3c3ba8e51e0457e3cde1ede0046c267a2ef20b4930aedd578d772d41fa01fe877618c86d
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
sKe69
14 Oct 2008 at 01:13
Very good...
While you run USBFix, I'll prepare the next steps for you...
fado97
14 Oct 2008 at 01:17
-------------- UsbFix V1.095 ---------------
* User : Asus - ORGANIX
* Outils mis a jours le 13/10/2008 par Chiquitine29
* Recherche effectuée à 1:12:33 le 14/10/2008
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\Asus\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur amovible
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RTHDCPL REG_SZ RTHDCPL.EXE
JMB36X IDE Setup REG_SZ C:\WINDOWS\RaidTool\xInsIDE.exe
36X Raid Configurer REG_SZ C:\WINDOWS\system32\xRaidSetup.exe boot
VC9Player REG_SZ C:\Program Files\Virtual CD v9\System\VC9Play.exe
OODefragTray REG_SZ C:\WINDOWS\system32\oodtray.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
I downloaded pirated Software from P2P REG_SZ Star Wars Empire at War Forces of Corruption
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Orange Desktop Search REG_SZ "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
WindowsAPI32 REG_SZ C:\rmxgdx.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1214440339-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1214440339-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1214440339-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
--------------- ! Fin du rapport ! ----------------
sKe69 (Status: Security contributor) - 14 Oct. 2008 at 01:27
Very good ...
-> Run CCleaner again (registry included).
And here is the next step:
1- Create a text document on your desktop:
point your mouse at the desktop, right-click, go to "New" and choose "Text Document".
Then copy/paste the text below (and nothing else!) into the text file you just created:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winax77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winbp55.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\rmxgdx.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsAPI32"=-

File::
C:\WINDOWS\system32\rqrpnMEx.dll
C:\WINDOWS\system32\iiFWnNDs.dll
C:\WINDOWS\system32\pmnkkHxv.dll
C:\WINDOWS\system32\mljJDUnK.dll
C:\WINDOWS\system32\iiFyWolK.dll
C:\WINDOWS\system32\fccbayyw.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\DUMP6b3d.tmp
C:\rmxgdx.exe
C:\siggjefi.exe
C:\Documents and Settings\Asus\iuns.exe
C:\Program Files\serial.tde
C:\Program Files\svchosts.tbe
C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe

Folder::
C:\VundoFix Backups
C:\Program Files\pkjjpce
C:\Documents and Settings\All Users\Application Data\ijqtyben
C:\Documents and Settings\Asus\Application Data\5
C:\Program Files\Rapid Antivirus

Driver::
winax77
winbp55

DirLook::
C:\Documents and Settings\Asus\Application Data\Petroglyph
C:\Program Files\alaplaya

2- Cleanup:
!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!
---> On your desktop, use your mouse to drag the CFScript file onto the ComboFix.exe icon.
(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )
This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and confirm.
Then wait while the scan runs. (The desktop will disappear several times: this is normal!)
!! Do not touch anything until the scan has finished !!
Note: at the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post it along with a new HijackThis report for analysis ...
(Warning: this procedure was made for this PC. Any reuse can severely damage the operating system.)
fado97 (Status: Member) - 14 Oct. 2008 at 02:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:44:57, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Virtual CD v9\System\VC9Play.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
sKe69 (Security contributor)
14 Oct. 2008 at 02:16
I also need the Combofix report, please ...
C:\Combofix.txt
sKe69 (Security contributor)
14 Oct. 2008 at 02:23
Re,
If it is too long, post it in several parts so that it goes through ...